
@anamwp anamwp (Owner) commented Jul 1, 2025

Summary

  • install dompurify
  • sanitize post and comment HTML
  • sanitize login error output
  • document sanitization step in README

Testing

  • SITE_DOMAIN=example.com npm run lint

https://chatgpt.com/codex/tasks/task_e_686354f4a7ac8328bead2d96edf07e87

@Copilot Copilot AI review requested due to automatic review settings July 1, 2025 04:15

vercel bot commented Jul 1, 2025

The latest updates on your projects.

Name                  Status      Updated (UTC)
headless-simple-blog  ❌ Failed   Jul 1, 2025 4:16am


@Copilot Copilot AI left a comment


Pull Request Overview

This PR adds DOMPurify sanitization to the application to secure HTML rendering by sanitizing dynamic content. Key changes include:

  • Importing and applying DOMPurify to sanitize post, comment, and login error HTML.
  • Adding the new "dompurify" dependency in package.json.
  • Updating documentation in the README to reflect the sanitization process.

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

File                   Description
pages/posts/[slug].js  Sanitizes post HTML content using DOMPurify
package.json           Adds dompurify dependency
components/Login.js    Sanitizes error message HTML in the login component
components/Comment.js  Sanitizes comment content and reply message HTML
README.md              Documents the HTML sanitization step
Comments suppressed due to low confidence (2)

pages/posts/[slug].js:130

  • [nitpick] Consider adding an inline comment explaining the use of DOMPurify here to reinforce its role in preventing XSS vulnerabilities.

    <div className='flex flex-col gap-5' dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(post.content.rendered) }} />

components/Comment.js:60

  • [nitpick] Consider adding a comment to clarify why innerHTML is being used with the sanitized content here, which may help future maintainers understand the security context.

    replyMessageElement.innerHTML = `<strong>Replying to comment:</strong> ${DOMPurify.sanitize(comment.content.rendered)}`;
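An added example, not code from this PR or the headless-simple-blog project, showing one wrapper for the three places the PR sanitizes (post content, comment content, login error) with an explicit tag and attribute allowlist instead of DOMPurify's defaults, plus a small inertness check for tests. It assumes the `isomorphic-dompurify` package, because plain `dompurify` needs a window/document and exposes no `sanitize()` when a Next.js page is rendered on the server; if the module cannot be loaded, the wrapper fails closed and HTML-escapes the string rather than passing raw markup to innerHTML.

```javascript
// Added example, not code from this PR or the headless-simple-blog project.
// Assumes `isomorphic-dompurify`: plain `dompurify` needs a window/document
// and exposes no sanitize() when a Next.js page is rendered on the server.
let DOMPurify = null;
try {
  DOMPurify = require('isomorphic-dompurify');
} catch (e) {
  DOMPurify = null; // module missing: fail closed (escape-only mode below)
}

// Explicit allowlist for WordPress-style rendered HTML (post, comment, login
// error). Anything not listed (script, iframe, style, on* handlers) is dropped.
const WP_PROFILE = {
  ALLOWED_TAGS: ['p', 'br', 'strong', 'em', 'a', 'ul', 'ol', 'li', 'blockquote',
    'code', 'pre', 'h2', 'h3', 'img', 'figure', 'figcaption'],
  ALLOWED_ATTR: ['href', 'src', 'alt', 'title', 'class'],
};

// Fallback when no sanitizer is available: render the markup as plain text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Single choke point: every string bound for innerHTML goes through here.
function sanitizeWpHtml(dirty) {
  if (typeof dirty !== 'string') return '';
  if (DOMPurify && typeof DOMPurify.sanitize === 'function') {
    return DOMPurify.sanitize(dirty, WP_PROFILE);
  }
  return escapeHtml(dirty);
}

// Shape React expects for the dangerouslySetInnerHTML prop.
function renderedHtmlProp(dirty) {
  return { __html: sanitizeWpHtml(dirty) };
}

// Heuristic defense-in-depth check for tests: after sanitization no tag may
// carry an on* handler, a script/iframe element, or a javascript: URL.
function looksInert(html) {
  return !/<[^>]*\son\w+\s*=/i.test(html)
    && !/<\s*(script|iframe)\b/i.test(html)
    && !/<[^>]*\s(href|src)\s*=\s*["']?\s*javascript:/i.test(html);
}

// Constructed sample comment (not from the project) carrying an XSS payload.
const SAMPLE_COMMENT = '<p>Nice post!</p><img src=x onerror="alert(1)">';
```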
