fix: XSS prevention and frontend cleanup #231

Open
0xNyk wants to merge 1 commit into 666ghj:main from 0xNyk:fix/frontend-xss-cleanup

0xNyk commented Mar 17, 2026

Summary

  • Add DOMPurify dependency and create sanitize.js utility
  • Sanitize all v-html content through renderMarkdown() in Step4Report and Step5Interaction
  • Guard all setInterval calls with clearInterval to prevent timer leaks in Step3Simulation, MainView, SimulationRunView

Test plan

  • Verify frontend builds: cd frontend && npm run build
  • Test report and interaction views render markdown correctly
  • Verify no duplicate timers accumulate during navigation

- Add DOMPurify to sanitize all v-html content
- Create sanitize.js utility with sanitizeHtml()
- Wrap renderMarkdown output in Step4Report and Step5Interaction
- Guard all setInterval calls with clearInterval to prevent timer leaks

0xNyk commented Mar 17, 2026

Verification

All checks pass on merged code:

| Test | Result |
| --- | --- |
| sanitize.js exists with DOMPurify wrapper | ✅ PASS |
| sanitizeHtml used in Step4Report (2 refs) | ✅ PASS |
| sanitizeHtml used in Step5Interaction (2 refs) | ✅ PASS |
| clearInterval guards in Step3Simulation | ✅ PASS |
| clearInterval guards in MainView | ✅ PASS |
| npm run build succeeds | ✅ PASS |

✓ 678 modules transformed.
✓ built in 1.80s
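
A stricter version of the reference-count checks above, as an added example that is not part of this PR or the project's code: it flags every `v-html` binding whose whole expression is not a call to an approved sanitizer. `sanitizeHtml` and `renderMarkdown` are the names used in the PR summary; treating `sanitizeHtml` as the only approved outer call, the function names, and the sample template are assumptions.

```javascript
// Added example: flag v-html bindings not fully wrapped in an approved sanitizer.
// Limitation: only single-line, double-quoted v-html="..." attributes are scanned.
const APPROVED = ['sanitizeHtml']; // assumption: outermost call must be one of these

// Return the index of the paren that closes the one at `open`, or -1.
function matchParen(expr, open) {
  let depth = 0, quote = null;
  for (let i = open; i < expr.length; i++) {
    const c = expr[i];
    if (quote) { if (c === '\\') i++; else if (c === quote) quote = null; continue; }
    if (c === "'" || c === '`') quote = c; // parens inside JS strings do not count
    else if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return i;
  }
  return -1;
}

// True only when the approved call spans the entire bound expression, so
// `sanitizeHtml(a) + b` is rejected: `b` would reach the DOM unsanitized.
function isSanitized(expr, approved = APPROVED) {
  const e = expr.trim();
  const m = /^([A-Za-z_$][\w$]*)\s*\(/.exec(e);
  if (!m || !approved.includes(m[1])) return false;
  return matchParen(e, m[0].length - 1) === e.length - 1;
}

function findUnsafeVHtml(source, approved = APPROVED) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const re = /\bv-html\s*=\s*"([^"]*)"/g;
    let m;
    while ((m = re.exec(line)) !== null) {
      if (!isSanitized(m[1], approved)) findings.push({ line: idx + 1, expr: m[1] });
    }
  });
  return findings;
}

// Constructed sample template (not taken from the repository).
const SAMPLE = [
  '<template>',
  '  <div v-html="sanitizeHtml(renderMarkdown(section.content))"></div>',
  '  <div v-html="renderMarkdown(msg.text)"></div>',
  '  <p v-html="sanitizeHtml(title) + rawSuffix"></p>',
  '  <span v-html="sanitizeHtml(note)"></span>',
  '</template>',
].join('\n');

console.log(findUnsafeVHtml(SAMPLE));
```

If `renderMarkdown()` itself returns sanitized HTML in this code base, pass `['sanitizeHtml', 'renderMarkdown']` as the second argument so those bindings are accepted.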
