Added DOMPurify library to sanitize HTML content before rendering with
dangerouslySetInnerHTML. This prevents Cross-Site Scripting (XSS) attacks
where malicious scripts could be injected through blog post content.
Changes:
- Installed dompurify and @types/dompurify
- Added HTML sanitization in BlogPost.tsx (client/pages/BlogPost.tsx:139)
- Added HTML sanitization in AdminBlogEditor.tsx preview (client/components/admin/AdminBlogEditor.tsx:273)
Security impact: HIGH - Previously, unsanitized HTML from the API could
execute arbitrary JavaScript, potentially stealing user credentials or
performing unauthorized actions.
Update Vite configuration to use port 5000 and host 0.0.0.0 for Replit compatibility, adjust fs.allow and fs.deny settings for improved security, and add a replit.md documentation file.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
Replit-Commit-Event-Id: 03255903-d5eb-4d8a-aaac-72c01c2fedf6
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/dxDbFOs
Replit-Helium-Checkpoint-Created: true
