Jason Woltje aa14b580b3 fix(#337): Sanitize HTML before wiki-link processing in WikiLinkRenderer ...

- Apply DOMPurify to entire HTML input before parseWikiLinks()
- Prevents stored XSS via knowledge entry content (SEC-WEB-2)
- Allow safe formatting tags (p, strong, em, etc.) but strip scripts, iframes, event handlers
- Update tests to reflect new sanitization behavior

Refs #337

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-05 15:25:57 -06:00

..

src

fix(#337): Sanitize HTML before wiki-link processing in WikiLinkRenderer

2026-02-05 15:25:57 -06:00

.dockerignore

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

Dockerfile

fix(#180): Update pnpm to 10.27.0 in Dockerfiles

2026-02-01 20:52:43 -06:00

eslint.config.js

fix(#1): Address code review findings

2026-01-28 15:07:04 -06:00

next-env.d.ts

feat(#1): Set up monorepo scaffold with pnpm workspaces + TurboRepo

2026-01-28 13:31:33 -06:00

next.config.ts

feat(#1): Set up monorepo scaffold with pnpm workspaces + TurboRepo

2026-01-28 13:31:33 -06:00

package.json

fix(#M5-QA): address security findings from code review

2026-02-02 16:50:38 -06:00

tsconfig.json

fix: Resolve web package lint and typecheck errors

2026-01-30 21:34:12 -06:00

vitest.config.ts

test(CI): fix all test failures from lint changes

2026-01-31 01:01:21 -06:00

vitest.setup.ts

test(CI): fix all test failures from lint changes

2026-01-31 01:01:21 -06:00