Bugfixes

frontend/src/lib/sanitization.ts

@@ -165,20 +165,37 @@ export function sanitizeHtmlSync(html: string): string {
   console.log('Using fallback sanitization configuration with formatting support');
   const fallbackConfig: DOMPurify.Config = {
     ALLOWED_TAGS: [
-      'p', 'br', 'div', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+      // Basic block elements
+      'p', 'br', 'div', 'span', 'section', 'article',
+      // Headers
+      'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+      // Text formatting
       'b', 'strong', 'i', 'em', 'u', 's', 'strike', 'del', 'ins',
-      'sup', 'sub', 'small', 'big', 'mark', 'pre', 'code', 'kbd', 'samp', 'var',
-      'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'a',
+      'sup', 'sub', 'small', 'big', 'mark', 'abbr', 'dfn',
+      // Code and preformatted
+      'pre', 'code', 'kbd', 'samp', 'var', 'tt',
+      // Lists
+      'ul', 'ol', 'li', 'dl', 'dt', 'dd',
+      // Links (but href will be removed by backend config)
+      'a',
+      // Tables
       'table', 'thead', 'tbody', 'tfoot', 'tr', 'th', 'td', 'caption', 'colgroup', 'col',
-      'blockquote', 'cite', 'q', 'hr', 'details', 'summary'
+      // Quotes and misc
+      'blockquote', 'cite', 'q', 'hr', 'details', 'summary',
+      // Common website elements that might have formatting
+      'font', 'center'
     ],
     ALLOWED_ATTR: [
-      'class', 'style', 'colspan', 'rowspan'
+      'class', 'style', 'colspan', 'rowspan', 'align', 'valign',
+      // Font attributes (though deprecated, websites still use them)
+      'color', 'size', 'face'
     ],
     ALLOW_UNKNOWN_PROTOCOLS: false,
     SANITIZE_DOM: true,
     KEEP_CONTENT: true,
     ALLOW_DATA_ATTR: false,
+    // Don't strip style attributes completely - let them through for basic formatting
+    FORBID_ATTR: [],
   };
   
   return DOMPurify.sanitize(html, fallbackConfig as any).toString();