sub2api/frontend/src/utils/sanitize.ts at bf6fe5e9626c2f32ef5d12cc86003f5c9585c1fd - sub2api - Gitea: Git with a cup of tea

wanwu/sub2api

mirror of https://gitee.com/wanwujie/sub2api synced 2026-04-03 06:52:13 +08:00

Files

erio bf6fe5e962 fix: custom menu security hardening and code quality improvements

- Add admin menu permission check in CustomPageView (visibility + role)
- Sanitize SVG content with DOMPurify before v-html rendering (XSS prevention)
- Decouple router.go from dto package using anonymous struct
- Consolidate duplicate parseCustomMenuItems into dto.ParseCustomMenuItems
- Enhance menu item validation (count, length, ID uniqueness limits)
- Add audit logging for purchase_subscription and custom_menu_items changes
- Update API contract test to include custom_menu_items field

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-03 06:23:56 +08:00

7 lines

194 B

TypeScript

Raw Blame History

 import DOMPurify from 'dompurify'
 export function sanitizeSvg(svg: string): string {
   if (!svg) return ''
   return DOMPurify.sanitize(svg, { USE_PROFILES: { svg: true, svgFilters: true } })
 }