Add node field XSS sanitization #84

Merged: JamesEjembi merged 1 commit into VeriNode-Labs:main from real-venus:feat/xss-node-field-sanitization on Jun 25, 2026

@real-venus (Contributor)

Summary

Implements XSS protection for dynamic node identifier strings in the VeriNode frontend.

Closes #9

Changes

  • Added DOMPurify-based sanitization for node fields:
    • displayName
    • description
    • location
    • contactEmail
    • websiteUrl
  • Added SafeText component for safe plain-text rendering.
  • Added network node components:
    • NodeCard
    • NodeList
    • NodeDetailPanel
  • Integrated sanitized node rendering into /network.
  • Added ESLint ban for dangerouslySetInnerHTML.
  • Added CSP headers in next.config.ts.
  • Added fast-check/Vitest property tests with 500 malicious strings.
  • Added Playwright XSS regression test for injected node fields.

@JamesEjembi merged commit e9e0eea into VeriNode-Labs:main on Jun 25, 2026
2 checks passed
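
An added example, not code from this PR or from the VeriNode project: per-field handling for the five node fields listed in the description, showing that `websiteUrl` and `contactEmail` need scheme and format checks in addition to markup handling. The function names are hypothetical, and plain HTML escaping stands in for the DOMPurify call so the block runs without dependencies.

```javascript
// Field names come from the PR description; all function names are hypothetical.
const TEXT_FIELDS = ["displayName", "description", "location"];
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape for insertion into an HTML string. A framework that renders the value
// as a text node escapes on its own, so apply this only once, at the HTML sink.
function escapeText(value) {
  return String(value ?? "")
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "") // drop control chars
    .replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs. The WHATWG parser lower-cases the scheme
// and strips embedded tabs/newlines, which a prefix regex would miss.
function safeWebsiteUrl(value) {
  let url;
  try {
    url = new URL(String(value ?? "").trim());
  } catch {
    return null; // relative, scheme-relative or unparseable input
  }
  return url.protocol === "https:" || url.protocol === "http:" ? url.href : null;
}

// Conservative single-address check: no whitespace, quotes or angle brackets.
function safeEmail(value) {
  const s = String(value ?? "").trim();
  return /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(s) ? s : null;
}

// Returns a copy that is safe to render; rejected URL/email fields become null.
function sanitizeNode(node) {
  const out = {};
  for (const field of TEXT_FIELDS) out[field] = escapeText(node[field]);
  out.contactEmail = safeEmail(node.contactEmail);
  out.websiteUrl = safeWebsiteUrl(node.websiteUrl);
  return out;
}

// Constructed sample record (not taken from the project).
const sampleNode = {
  displayName: "<script>alert(1)</script>Node A",
  description: 'Fast & "reliable"',
  location: "Lagos",
  contactEmail: 'ops@node.example"><svg onload=1>',
  websiteUrl: " JavaScript:alert(1)",
};
console.log(sanitizeNode(sampleNode));
```
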
Development

Successfully merging this pull request may close these issues.

XSS Validation Filters Shielding Dynamic Node Identifier Strings

2 participants