
feat(security): implement robust XSS sanitization and checksum-valida…#230

Merged
GoSTEAN merged 9 commits into Netwalls:main from
dannyy2000:security/input-sanitization-audit-135
Feb 27, 2026

Conversation

@dannyy2000
Contributor

XSS Sanitization: Implemented robust HTML stripping for market titles, descriptions, and user profile fields.
Stellar Address Security: Updated validation to include cryptographic checksum verification using the Stellar SDK.
Standardized Validation: Enforced strict Zod schemas on all trading routes, removing manual and inconsistent checks.
Local Verification: All local checks passed (Lint, Typecheck, and a new security test suite with 13 cases).

closes #135

…rules

- Replace invalid Stellar key GA5XIGA... with a checksummed valid key
  GAMCVGJF... across validation.schemas, validation.middleware, and
  integration tests (the new stellarAddress schema now validates checksum)
- Replace non-UUID market IDs (market-1, test-market-id) with valid UUIDs
  in trading integration tests (uuidParam now validates route params)
- Change numeric amount/shares fields to strings in buy/sell tests to
  match schema expectations (amountUsdc, minShares, shares, minPayout)
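The checksum verification that the PR description and the commit message refer to, as an added example that is not the PR's code: a dependency-free TypeScript check of a Stellar account ID, mirroring what the Stellar SDK's StrKey validation does (the PR itself relies on the SDK; the helper names here are assumptions). It also exercises the cases the commit message mentions, such as a truncated key that carries no checksum to verify.

```typescript
// Added example (not the PR's code): a dependency-free check of a Stellar
// account ID, mirroring what the Stellar SDK's StrKey validation does.
// StrKey layout: base32( versionByte || 32-byte ed25519 key || CRC16-XModem, little-endian )
const B32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
const ACCOUNT_ID_VERSION = 6 << 3; // 0x30: the version byte whose top bits encode as 'G'

// Strict RFC 4648 base32 decode: no padding, uppercase alphabet only.
function base32Decode(s: string): Uint8Array | null {
  const out: number[] = [];
  let acc = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    const idx = B32_ALPHABET.indexOf(s[i]);
    if (idx < 0) return null; // lowercase, '=' padding or stray characters are rejected
    acc = (acc << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >>> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the leftover low bits
    }
  }
  return new Uint8Array(out);
}

// CRC16-XModem as used by StrKey: poly 0x1021, init 0, no reflection, no final XOR.
function crc16xmodem(data: Uint8Array): number {
  let crc = 0;
  for (let i = 0; i < data.length; i++) {
    crc ^= data[i] << 8;
    for (let b = 0; b < 8; b++) {
      crc = crc & 0x8000 ? ((crc << 1) ^ 0x1021) & 0xffff : (crc << 1) & 0xffff;
    }
  }
  return crc;
}

// Returns true only for a well-formed, checksummed G... account ID.
function isValidStellarAccountId(addr: string): boolean {
  if (addr.length !== 56) return false; // 35 bytes encode to exactly 56 base32 chars
  const raw = base32Decode(addr);
  if (raw === null || raw.length !== 35 || raw[0] !== ACCOUNT_ID_VERSION) return false;
  const expected = crc16xmodem(raw.subarray(0, 33));
  const stored = raw[33] | (raw[34] << 8); // checksum bytes are little-endian
  return expected === stored;
}

// Well-known test vector: the StrKey encoding of the all-zero ed25519 public key (52 'A's).
const ZERO_ACCOUNT_ID = "G" + Array(53).join("A") + "WHF";
console.log(isValidStellarAccountId(ZERO_ACCOUNT_ID)); // true
console.log(isValidStellarAccountId("GA5XIGA"));       // false: truncated, nothing to checksum
```

In a Zod schema this is the predicate a `refine` on the address string would call, so a key with a single corrupted character is rejected before it reaches a route handler.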
@dannyy2000
Contributor Author

@GoSTEAN please merge

@GoSTEAN
Contributor

GoSTEAN commented Feb 26, 2026

@dannyy2000 Resolve conflict

@dannyy2000
Contributor Author

@dannyy2000 Resolve conflict

Resolved and CI passing, please merge.

GoSTEAN merged commit fb7d425 into Netwalls:main Feb 27, 2026
1 check passed

Development

Successfully merging this pull request may close these issues.

[Security] Input sanitization audit

2 participants