Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.

2025-12-20 10:54:49 +01:00
parent 316cce1b26
commit 968c749fe3
12 changed files with 33 additions and 1 deletions
--- a/pages/cms/newsletter.vue
+++ b/pages/cms/newsletter.vue
@@ -166,6 +166,8 @@
                          Keine Empfänger gefunden
                        </span>
                      </div>
+                      <!-- nosemgrep: javascript.vue.security.audit.xss.templates.avoid-v-html -->
+                      <!-- content is sanitized with DOMPurify via useSanitizeHtml -->
                      <div
                        class="text-sm text-gray-600 prose prose-sm max-w-none mb-3"
                        v-html="useSanitizeHtml(post.content.substring(0, 200) + (post.content.length > 200 ? '...' : ''))"