Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.

2025-12-20 10:49:20 +01:00
parent acfa842131
commit 316cce1b26
49 changed files with 349 additions and 23 deletions
--- a/server/api/membership/update-status.put.js
+++ b/server/api/membership/update-status.put.js
@@ -31,6 +31,14 @@ export default defineEventHandler(async (event) => {
      })
    }
    
+    // Validiere ID (sollte UUID-Format sein)
+    if (!id || typeof id !== 'string' || !/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(id)) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Ungültige ID'
+      })
+    }
+    
    const dataDir = path.join(process.cwd(), 'server/data/membership-applications')
    const filePath = path.join(dataDir, `${id}.json`)