
Feat: Server HTML Sanitization Rich Text#4220

Open
Br0wnHammer wants to merge 7 commits into develop from feat/server-html-sanitization-rich-text


Conversation

@Br0wnHammer (Member)

Describe your changes

Implements a strict, shared HTML allowlist for user-generated rich text: Servers/utils/sanitization.utils.ts sanitizes data before persistence for policies, evidence hub, intake forms, and notes, while a new RichTextRenderer component and useRichTextSanitizer hook provide matching frontend rendering with optional sandboxing and a content-stripped warning. Includes expanded backend unit tests, frontend renderer tests, and i18n coverage.

Fixes No. 2 of #4150

Please ensure all items are checked off before requesting a review:

  • I deployed the code locally.
  • I have performed a self-review of my code.
  • I have included the issue # in the PR.
  • I have labelled the PR correctly.
  • The issue I am working on is assigned to me.
  • I have avoided using hardcoded values to ensure scalability and maintain consistency across the application.
  • I have ensured that font sizes, color choices, and other UI elements are referenced from the theme.
  • My pull request is focused and addresses a single, specific feature.
  • If there are UI changes, I have attached a screenshot or video to this PR.
  • If I added or modified an API endpoint, the change is reflected in the generated OpenAPI spec (npm run generate:swagger).
  • If the endpoint requires authentication, it uses authenticateJWT and the generated spec declares bearerAuth security.
  • I ran npm run check:api-drift and committed the regenerated swagger.yaml and endpoints.ts.
  • If this PR adds or modifies an organization-scoped table, the tenant isolation registry and test matrix are updated. See the tenant isolation runbook for details.
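The allowlist approach the description outlines, as an added example that is not the project's Servers/utils/sanitization.utils.ts or its RichTextRenderer: output is rebuilt from parsed tokens rather than filtered out of the input, every text and attribute value is re-escaped, URL attributes are entity-decoded before the scheme check (the browser decodes them before navigating), unbalanced markup is closed, and the result carries a stripped flag that a renderer can turn into a content-stripped warning. The tag and attribute sets, the function names (sanitizeRichText, isSafeUrl, demo) and the return shape are assumptions; the hand-written tokenizer is for illustration and a production implementation would normally build on a maintained sanitizer library.

```typescript
// Added illustration, not the project's Servers/utils/sanitization.utils.ts:
// an allowlist HTML sanitizer that rebuilds output from parsed tokens and
// reports whether anything was stripped (the "content-stripped warning" case).
// Tag/attribute sets, function names and the return shape are assumptions.

const NO_ATTRS: ReadonlySet<string> = new Set<string>();
const ALLOWED_TAGS = new Map<string, ReadonlySet<string>>([
  ["p", NO_ATTRS], ["br", NO_ATTRS], ["strong", NO_ATTRS], ["em", NO_ATTRS],
  ["b", NO_ATTRS], ["i", NO_ATTRS], ["u", NO_ATTRS], ["s", NO_ATTRS],
  ["ul", NO_ATTRS], ["ol", NO_ATTRS], ["li", NO_ATTRS], ["blockquote", NO_ATTRS],
  ["code", NO_ATTRS], ["pre", NO_ATTRS], ["h1", NO_ATTRS], ["h2", NO_ATTRS], ["h3", NO_ATTRS],
  ["a", new Set<string>(["href", "title"])],
]);
const VOID_TAGS = new Set<string>(["br"]);
const URL_ATTRS = new Set<string>(["href"]);
const ALLOWED_SCHEMES = new Set<string>(["http", "https", "mailto"]);
const NAMED_ENTITIES = new Map<string, string>([
  ["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"],
]);

// Every text node and attribute value passes through this, so the output never
// carries a raw '<', '>', '&' or '"' copied from the input.
function escapeHtml(s: string): string {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Decode entities before policy checks: the browser decodes attribute values,
// so href="java&#115;cript:..." is javascript: by the time it is clicked.
function decodeEntities(s: string): string {
  return s.replace(/&(?:#x([0-9a-f]+)|#([0-9]+)|([a-z]+));?/gi,
    (whole: string, hex?: string, dec?: string, named?: string): string => {
      if (hex !== undefined || dec !== undefined) {
        const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec as string, 10);
        return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\uFFFD";
      }
      const v = NAMED_ENTITIES.get((named as string).toLowerCase());
      return v !== undefined ? v : whole;
    });
}

function isSafeUrl(decoded: string): boolean {
  // Browsers ignore tab/newline and leading control characters when parsing
  // the scheme ("java\tscript:" still runs), so strip that class first.
  const v = decoded.replace(/[\u0000-\u0020]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(v);
  if (!m) return true;                                  // no scheme: relative URL
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

const TAG_RE = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*(\/?)>/;
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function sanitizeRichText(input: string): { html: string; stripped: boolean } {
  let out = "";
  let stripped = false;
  const open: string[] = [];                            // allowed tags currently open
  let i = 0;
  while (i < input.length) {
    const lt = input.indexOf("<", i);
    if (lt < 0) { out += escapeHtml(input.slice(i)); break; }
    out += escapeHtml(input.slice(i, lt));
    if (input.startsWith("<!--", lt)) {                 // comment: drop it whole
      const end = input.indexOf("-->", lt + 2);
      i = end < 0 ? input.length : end + 3;
      stripped = true;
      continue;
    }
    if (input[lt + 1] === "!" || input[lt + 1] === "?") {  // bogus comment (<!DOCTYPE, <?xml): drop
      const end = input.indexOf(">", lt);
      i = end < 0 ? input.length : end + 1;
      stripped = true;
      continue;
    }
    const m = TAG_RE.exec(input.slice(lt));
    if (!m) { out += "&lt;"; i = lt + 1; continue; }   // not a well-formed tag: it is text
    i = lt + m[0].length;
    const name = m[2].toLowerCase();
    const allowedAttrs = ALLOWED_TAGS.get(name);
    if (allowedAttrs === undefined) { stripped = true; continue; }  // drop tag, keep its text
    if (m[1] === "/") {
      const idx = open.lastIndexOf(name);               // stray closer (idx < 0) is ignored
      while (idx >= 0 && open.length > idx) out += `</${open.pop()}>`;  // close children too
      continue;
    }
    let attrs = "";
    ATTR_RE.lastIndex = 0;
    let a: RegExpExecArray | null;
    while ((a = ATTR_RE.exec(m[3])) !== null) {
      const attrName = a[1].toLowerCase();
      const value = decodeEntities(a[2] ?? a[3] ?? a[4] ?? "");
      if (!allowedAttrs.has(attrName) || (URL_ATTRS.has(attrName) && !isSafeUrl(value))) {
        stripped = true;                                // on* handlers, style, javascript: hrefs...
        continue;
      }
      attrs += ` ${attrName}="${escapeHtml(value)}"`;   // re-serialised, never copied verbatim
    }
    out += `<${name}${attrs}>`;
    if (!VOID_TAGS.has(name)) open.push(name);
  }
  while (open.length > 0) out += `</${open.pop()}>`;   // balance whatever was left open
  return { html: out, stripped };
}

// Constructed sample: legitimate markup mixed with things the allowlist must remove.
function demo(): { html: string; stripped: boolean } {
  return sanitizeRichText(
    '<p onclick="steal()">Hello <strong>world</strong></p>' +
    '<a href="java&#115;cript:alert(1)">bad link</a>' +
    '<a href="https://example.com/?a=1&b=2">good link</a>' +
    '<img src=x onerror=alert(1)><!-- note --><p>1 < 2',
  );
}
console.log(demo());
```

Running demo() yields the paragraph with its onclick removed, the first link with its javascript: href dropped, the second link with `&` re-encoded as `&amp;`, no img, no comment, and the unclosed paragraph closed, with stripped set to true. The two properties worth keeping in any implementation are that the serializer only ever emits canonical markup it built itself, and that URL checks run on the decoded value, since the browser will decode it before the scheme is interpreted.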

@Br0wnHammer Br0wnHammer added this to the 2.5 milestone Jul 1, 2026
@Br0wnHammer Br0wnHammer self-assigned this Jul 1, 2026
@Br0wnHammer Br0wnHammer added the enhancement New feature or request label Jul 1, 2026