Closes #661 security: xdr-input-sanitization

[mich-sys]

Closes #661

Description

Closes #

---

Type of change

• feat — new feature
• fix — bug fix
• perf — performance improvement
• refactor — code change with no feature/fix impact
• docs — documentation only
• chore — tooling, CI, dependencies
• test — tests only

---

How has this been tested?

• Unit tests
• Integration tests
• Manual testing (describe steps below)
• Parity check (npm run parity:rust)
• E2E tests (playwright test)

Manual test steps:

---

Evidence

# paste log / test output here

---

Screenshots (if applicable)

Before	After

---

Checklist

• My branch was created from main (git checkout -b ... origin/main)
• Commits follow Conventional Commits format
• All CI checks pass (lint, type-check, tests)
• New environment variables are documented in .env.example
• ADR updated or created in docs/adr/ if this is a significant architectural change
• PR description includes evidence (screenshot, log, or test output)
• I have reviewed my own diff before requesting review

[drips-wave]

@mich-sys Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits