[qa] fix : QnA XSS sanitize 누락, 운영진 role 판별 오류, 필터 상태 불일치 수정

HA-SEUNG-JEONG · claude · HA-SEUNG-JEONG · commit eb21daca751b · 2026-05-21T22:24:25.000+09:00
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/app/(class-lesson)/class/[slug]/lesson/[id]/_components/lesson-qna-detail-modal.tsx b/src/app/(class-lesson)/class/[slug]/lesson/[id]/_components/lesson-qna-detail-modal.tsx
@@ -1,5 +1,6 @@
 'use client';
 
+import DOMPurify from 'dompurify';
 import {
   Heart,
   HelpCircle,
@@ -79,11 +80,14 @@ function HtmlContent({ html }: { html: string }) {
     );
   }
 
+  const sanitized =
+    typeof window !== 'undefined' ? DOMPurify.sanitize(html) : html;
   return (
     <div className="tiptap-editor">
       <div
         className="tiptap font-designer-16r leading-relaxed text-gray-800"
-        dangerouslySetInnerHTML={{ __html: html }}
+        // biome-ignore lint/security/noDangerouslySetInnerHtml: DOMPurify sanitized
+        dangerouslySetInnerHTML={{ __html: sanitized }}
       />
     </div>
   );
diff --git a/src/app/(class-lesson)/class/[slug]/lesson/[id]/page.tsx b/src/app/(class-lesson)/class/[slug]/lesson/[id]/page.tsx
@@ -111,7 +111,11 @@ export default function LessonPage({
   const isLastLesson = useMemo(() => {
     const allLessons = drawerChapters.flatMap((c) => c.lessons);
     if (allLessons.length === 0) return false;
-    return allLessons[allLessons.length - 1].lessonId === lessonId;
+    const isLast = allLessons.at(-1)?.lessonId === lessonId;
+    const allOthersCompleted = allLessons.every(
+      (l) => l.lessonId === lessonId || l.status === 'COMPLETED',
+    );
+    return isLast && allOthersCompleted;
   }, [drawerChapters, lessonId]);
 
   const alreadySubmitted = lesson?.retrospectiveSubmitted ?? false;
diff --git a/src/app/(landing)/class/[slug]/(learning)/_components/feed-tab.tsx b/src/app/(landing)/class/[slug]/(learning)/_components/feed-tab.tsx
@@ -4,7 +4,7 @@ import { ChevronDown } from 'lucide-react';
 import dynamic from 'next/dynamic';
 import Link from 'next/link';
 import { useParams } from 'next/navigation';
-import { useMemo, useState } from 'react';
+import { useEffect, useMemo, useState } from 'react';
 import { cn } from '@/components/common/ui/(shadcn)/lib/utils';
 import { PlanSelectionModal } from '@/components/pages/class/plan-selection-modal';
 import { useAuth } from '@/features/auth/model/use-auth';
@@ -70,6 +70,13 @@ export function FeedTab() {
   });
   const hasOperatorPick = (operatorPickProbe?.totalCount ?? 0) > 0;
 
+  useEffect(() => {
+    if (!hasOperatorPick && filter === '운영자 PICK') {
+      setFilter('전체');
+      setCurrentPage(0);
+    }
+  }, [hasOperatorPick, filter]);
+
   const filterOptions: FeedFilter[] = [
     '전체',
     ...(hasOperatorPick ? (['운영자 PICK'] as FeedFilter[]) : []),
diff --git a/src/app/(landing)/class/[slug]/(learning)/_components/qna-tab.tsx b/src/app/(landing)/class/[slug]/(learning)/_components/qna-tab.tsx
@@ -200,7 +200,7 @@ export function QnaTab() {
                   className={cn(
                     'flex items-center gap-50 rounded-full border px-250 py-125 font-designer-14m',
                     q.answerStatus === 'ANSWERED'
-                      ? 'border-[#02c76e] bg-[#dafbe7] text-[#02c76e]'
+                      ? 'border-qna-answered bg-qna-answered-bg text-qna-answered'
                       : 'border-border-subtle text-gray-500',
                   )}
                 >
diff --git a/src/app/(landing)/class/[slug]/(learning)/feed/[id]/page.tsx b/src/app/(landing)/class/[slug]/(learning)/feed/[id]/page.tsx
@@ -432,7 +432,8 @@ export default function FeedDetailPage({
             {/* Comments */}
             <div className="mt-400 space-y-300">
               {(commentsData?.comments ?? []).map((c) => {
-                const isOperator = c.author.role === '운영진';
+                const isOperator =
+                  c.author.role === 'MANAGER' || c.author.role === 'ADMIN';
                 const isCommentAuthor =
                   memberId !== undefined && c.author.memberId === memberId;
                 const isMenuOpen = commentMenuOpenId === c.commentId;
@@ -560,7 +561,9 @@ export default function FeedDetailPage({
                     {c.replies.length > 0 && (
                       <div className="ml-575 mt-200 space-y-200">
                         {c.replies.map((r) => {
-                          const isReplyOperator = r.author.role === '운영진';
+                          const isReplyOperator =
+                            r.author.role === 'MANAGER' ||
+                            r.author.role === 'ADMIN';
                           const contentParts = r.content.startsWith('@')
                             ? (() => {
                                 const spaceIdx = r.content.indexOf(' ');
diff --git a/src/app/(landing)/class/[slug]/(learning)/qa/[id]/page.tsx b/src/app/(landing)/class/[slug]/(learning)/qa/[id]/page.tsx
@@ -1,5 +1,6 @@
 'use client';
 
+import DOMPurify from 'dompurify';
 import {
   ArrowLeft,
   Heart,
@@ -56,11 +57,14 @@ function HtmlContent({ html }: { html: string }) {
     );
   }
 
+  const sanitized =
+    typeof window !== 'undefined' ? DOMPurify.sanitize(html) : html;
   return (
     <div className="tiptap-editor">
       <div
         className="tiptap font-designer-16r leading-relaxed text-gray-800"
-        dangerouslySetInnerHTML={{ __html: html }}
+        // biome-ignore lint/security/noDangerouslySetInnerHtml: DOMPurify sanitized
+        dangerouslySetInnerHTML={{ __html: sanitized }}
       />
     </div>
   );

Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ export function QnaTab() {`
`200`	`200`	`className={cn(`
`201`	`201`	`'flex items-center gap-50 rounded-full border px-250 py-125 font-designer-14m',`
`202`	`202`	`q.answerStatus === 'ANSWERED'`
`203`		`- ? 'border-[#02c76e] bg-[#dafbe7] text-[#02c76e]'`
	`203`	`+ ? 'border-qna-answered bg-qna-answered-bg text-qna-answered'`
`204`	`204`	`: 'border-border-subtle text-gray-500',`
`205`	`205`	`)}`
`206`	`206`	`>`