Implement shared HTML sanitization configuration
**Backend Changes:**
- Add html-sanitization-config.json with allowedTags, allowedAttributes, and allowedCssProperties
- Create HtmlSanitizationConfigDto for configuration data transfer
- Update HtmlSanitizationService to load configuration from JSON file with fallback
- Add HtmlSanitizationController with public API endpoint at /api/config/html-sanitization
- Update SecurityConfig to allow public access to /api/config/** endpoints

**Frontend Changes:**
- Add configApi.getHtmlSanitizationConfig() to fetch backend configuration
- Create sanitization.ts utility with sanitizeHtml() and sanitizeHtmlSync() functions
- Update story reading page to use shared sanitization configuration
- Add preloadSanitizationConfig() for early configuration loading
- Handle TrustedHTML type conversion and DOMPurify config compatibility

**Benefits:**
- Consistent HTML sanitization rules between frontend and backend
- Centralized configuration in JSON file for easy maintenance
- Automatic fallback to safe defaults if configuration loading fails
- API-driven approach allows runtime configuration updates
- Maintains security while providing flexibility for content formatting

Resolves HTML sanitization inconsistencies and provides foundation for configurable content safety rules.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
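The fallback to safe defaults named in the commit message, shown as an added TypeScript example that is not code from this commit: the JSON fetched from the configuration endpoint is treated as untrusted input and validated before it is mapped to DOMPurify options. The field shapes, the default and forbidden lists, and the names `resolveConfig` and `toDomPurifyConfig` are assumptions; the commit only names the three configuration keys.

```typescript
// Added example. Field shapes are assumed; the commit only names the three keys.
interface SanitizationConfig {
  allowedTags: string[];
  allowedAttributes: Record<string, string[]>; // assumed shape: tag -> attribute names
  allowedCssProperties: string[];
}

// Constructed safe defaults, used whenever the fetched config is unusable.
const SAFE_DEFAULTS: SanitizationConfig = {
  allowedTags: ["p", "br", "em", "strong", "a"],
  allowedAttributes: { a: ["href"] },
  allowedCssProperties: [],
};

// Constructed denylist: entries a fetched config must never be able to enable.
const FORBIDDEN_TAGS = ["script", "iframe", "object", "embed", "style", "base", "form"];
const isSafeAttr = (a: string): boolean =>
  /^[a-z][a-z0-9-]*$/.test(a) && a.indexOf("on") !== 0 && a !== "srcdoc";
const isStringArray = (v: unknown): v is string[] =>
  Array.isArray(v) && v.every((x) => typeof x === "string");

// Validate an untrusted payload; any shape error yields the defaults, never a partial config.
function resolveConfig(raw: unknown): SanitizationConfig {
  if (typeof raw !== "object" || raw === null) return SAFE_DEFAULTS;
  const r = raw as Record<string, unknown>;
  const tagsIn = r["allowedTags"], cssIn = r["allowedCssProperties"], attrsIn = r["allowedAttributes"];
  if (!isStringArray(tagsIn) || !isStringArray(cssIn) ||
      typeof attrsIn !== "object" || attrsIn === null || Array.isArray(attrsIn)) return SAFE_DEFAULTS;
  const perTag = attrsIn as Record<string, unknown>;
  const allowedTags = tagsIn.map((t) => t.toLowerCase()).filter((t) => FORBIDDEN_TAGS.indexOf(t) < 0);
  const allowedAttributes: Record<string, string[]> = {};
  for (const tag of Object.keys(perTag)) {
    const list = perTag[tag];
    if (!isStringArray(list)) return SAFE_DEFAULTS;
    if (allowedTags.indexOf(tag.toLowerCase()) >= 0)
      allowedAttributes[tag.toLowerCase()] = list.map((a) => a.toLowerCase()).filter(isSafeAttr);
  }
  return { allowedTags, allowedAttributes, allowedCssProperties: cssIn };
}

// DOMPurify's ALLOWED_ATTR is one global list, so per-tag attribute limits are lost in the mapping.
function toDomPurifyConfig(c: SanitizationConfig): { ALLOWED_TAGS: string[]; ALLOWED_ATTR: string[] } {
  const attrs: string[] = [];
  for (const tag of Object.keys(c.allowedAttributes))
    for (const a of c.allowedAttributes[tag] || [])
      if (attrs.indexOf(a) < 0) attrs.push(a);
  return { ALLOWED_TAGS: c.allowedTags, ALLOWED_ATTR: attrs.sort() };
}
```

Because the flattened `ALLOWED_ATTR` list applies to every allowed tag, an attribute the backend permits on one tag only is accepted on all of them in the browser unless a per-tag check is added on top.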