**Enhanced Visual Mode:**
- Add paste event handler that preserves HTML formatting when pasting
- Integrate with shared sanitization configuration for consistent filtering
- Preload sanitization config for optimal performance
- Support for bold, italic, and other basic formatting in visual mode
**Updated Sanitization Config:**
- Add more useful HTML tags: kbd, samp, var, details, summary, colgroup, col
- Add attributes for better table support: start, type for ol
- Add style attributes for more elements: table, ul, ol, li, blockquote, pre, code
- Maintain security while allowing richer content formatting
**User Experience:**
- Users can now paste formatted content (bold, italic, lists, etc.) in visual mode
- Content is automatically sanitized using backend configuration
- Updated help text to reflect new capabilities
- Maintains backward compatibility with plain text input
**Technical Improvements:**
- Async clipboard API support with fallbacks
- Error handling for paste operations
- Consistent sanitization between manual input and paste operations
Resolves issue where pasted formatted content was stripped to plain text in visual mode.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
**Backend Changes:**
- Add html-sanitization-config.json with allowedTags, allowedAttributes, and allowedCssProperties
- Create HtmlSanitizationConfigDto for configuration data transfer
- Update HtmlSanitizationService to load configuration from JSON file with fallback
- Add HtmlSanitizationController with public API endpoint at /api/config/html-sanitization
- Update SecurityConfig to allow public access to /api/config/** endpoints
**Frontend Changes:**
- Add configApi.getHtmlSanitizationConfig() to fetch backend configuration
- Create sanitization.ts utility with sanitizeHtml() and sanitizeHtmlSync() functions
- Update story reading page to use shared sanitization configuration
- Add preloadSanitizationConfig() for early configuration loading
- Handle TrustedHTML type conversion and DOMPurify config compatibility
**Benefits:**
- Consistent HTML sanitization rules between frontend and backend
- Centralized configuration in JSON file for easy maintenance
- Automatic fallback to safe defaults if configuration loading fails
- API-driven approach allows runtime configuration updates
- Maintains security while providing flexibility for content formatting
Resolves HTML sanitization inconsistencies and provides foundation for configurable content safety rules.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add STORYCOVE_CORS_ALLOWED_ORIGINS environment variable to docker-compose.yml
- Include production domain https://storycove.sharyavin.synology.me in allowed origins
- Update SecurityConfig to read from environment variable with fallback
- Maintains localhost support for development while enabling production access
- Fixes "Invalid CORS request" error on deployed application
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Double all $ characters in nginx config ($$host, $$http_upgrade, etc.)
- Prevents Docker Compose from interpreting nginx vars as environment variables
- Fixes "invalid number of arguments in proxy_set_header directive" error
- Ensures proper nginx variable passing in embedded config
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove quotes from Connection header value to fix nginx parsing error
- Simplify Cache-Control header to avoid argument parsing issues
- Clean up embedded nginx config formatting for better compatibility
- Resolves "invalid number of arguments in proxy_set_header directive" error
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
