boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

fix: code review — XSS, type safety, validation improvements

Browse Source 
Critical:
- InvoiceDetail: sanitize notes HTML with DOMPurify
- OrderDetail: use proper DOMPurify import instead of window fallback

Important:
- AttendanceBalances: add fund_to_date to interface, remove as-any casts
- All schemas: replace z.any() with z.preprocess for boolean fields
- Routes: simplify boolean coercion (Zod handles it now)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-24 20:13:20 +01:00
parent 3c167cf5c4
commit 106606f3fa
17 changed files with 63 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -36,6 +36,7 @@
"@prisma/client": "^6.19.2",
"bcryptjs": "^3.0.3",
"date-fns": "^4.1.0",
"dompurify": "^3.3.3",
"dotenv": "^17.3.1",
"fastify": "^5.8.2",
"file-type": "^16.5.4",
@@ -55,6 +56,7 @@
},
"devDependencies": {
"@types/bcryptjs": "^2.4.6",
"@types/dompurify": "^3.0.5",
"@types/jsonwebtoken": "^9.0.10",
"@types/mysql": "^2.15.27",
"@types/node": "^25.5.0",