boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

fix: code review — XSS, type safety, validation improvements

Browse Source 
Critical:
- InvoiceDetail: sanitize notes HTML with DOMPurify
- OrderDetail: use proper DOMPurify import instead of window fallback

Important:
- AttendanceBalances: add fund_to_date to interface, remove as-any casts
- All schemas: replace z.any() with z.preprocess for boolean fields
- Routes: simplify boolean coercion (Zod handles it now)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-24 20:13:20 +01:00
parent 3c167cf5c4
commit 106606f3fa
17 changed files with 63 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/routes/admin/bank-accounts.ts
View File

@@ -41,9 +41,7 @@ export default async function bankAccountsRoutes(
bic: body.bic ? String(body.bic) : null,
currency: body.currency ? String(body.currency) : "CZK",
is_default:
body.is_default === true ||
body.is_default === 1 ||
body.is_default === "1",
!!body.is_default,
position: body.position ? Number(body.position) : 0,
},
});
@@ -110,9 +108,7 @@ export default async function bankAccountsRoutes(
body.currency !== undefined ? String(body.currency) : undefined,
is_default:
body.is_default !== undefined
? body.is_default === true ||
body.is_default === 1 ||
body.is_default === "1"
? !!body.is_default
: undefined,
position:
body.position !== undefined ? Number(body.position) : undefined,