Skip to content

HTML sanitization for rich-text content #6513

Description

@seanmalbert
  • General
  • Backend
  • Public
  • Partners

Background / Issue

JurisdictionContent rich-text bodies are admin-authored HTML, so stored HTML must be sanitized to
prevent stored XSS. This is a precondition for enabling the structured-content editor for any
jurisdiction.

Technical Context

Acceptance Criteria

  • A documented tag/attribute allowlist is enforced on write; a payload with disallowed tags/attrs
    (including javascript: link targets) is stripped or rejected.
  • Render passes stored HTML through the sanitizer as a defense-in-depth step.
  • The sanitizer is in place before enableDbDrivenContent is flipped on for any jurisdiction.

QA Notes

Backend/shared. Test known XSS vectors (script tags, on* handlers, javascript: hrefs, disallowed
tags) are removed on write and render; confirm allowed formatting survives.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions