Add comprehensive XSS security tests for frontend#409

Merged
dev-fatima-24 merged 3 commits into dev-fatima-24:main from Harbduls:feature/xss-sanitization-tests on May 29, 2026

@Harbduls
Contributor

Closes #351

  • Implement Playwright-based XSS security test suite
  • Test vaccine names with script tags rendered as text
  • Test wallet addresses with HTML entities properly escaped
  • Verify NFTCard does not use dangerouslySetInnerHTML
  • Test API responses with malicious payloads are sanitized
  • Add test helpers and utilities for reusable XSS payloads
  • Configure Playwright for multi-browser testing (Chromium, Firefox, WebKit)
  • Add CI/CD workflow for automated security testing
  • Include comprehensive documentation and quick start guide
  • Add security checklist for developers

All acceptance criteria met:
  • Script tags in vaccine names rendered as text
  • HTML entities in wallet addresses escaped correctly
  • No dangerouslySetInnerHTML with unsanitized data
  • API responses with scripts not executed
  • Tests run in real browser environment

@drips-wave

drips-wave Bot commented May 28, 2026

@Harbduls Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

dev-fatima-24 merged commit 1859bd5 into dev-fatima-24:main on May 29, 2026
3 of 18 checks passed
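
An added example (not code from this PR or the project) of two checks the description lists, written without Playwright so it runs under plain Node: payloads must come out of escaping as inert text, and component source must not contain raw-HTML sinks. The payload list, helper names and both NFTCard sources are constructed for illustration; the sink scan also covers innerHTML, insertAdjacentHTML and document.write, which goes beyond the dangerouslySetInnerHTML check named in the description.

```javascript
// Added example: constructed names and sample data, not the project's test suite.
const XSS_PAYLOADS = [
  '<script>alert(1)</script>',             // script tag in a vaccine name
  '<img src=x onerror=alert(1)>',          // event-handler attribute
  '0xABC"><svg onload=alert(1)>',          // attribute breakout in a wallet address
  '&lt;script&gt;alert(1)&lt;/script&gt;', // already-encoded input is escaped again, not decoded
];

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Escaping for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reverse mapping, used to confirm the user would see the original characters as text.
function unescapeHtml(value) {
  return value.replace(/&(amp|lt|gt|quot|#x27);/g, (m) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === m));
}

// A rendered string is inert when no markup metacharacter survives unescaped
// and decoding it once yields exactly the untrusted input.
function rendersAsText(payload, rendered) {
  const bare = rendered.replace(/&(amp|lt|gt|quot|#x27);/g, '');
  return !/[&<>"']/.test(bare) && unescapeHtml(rendered) === payload;
}

// Source-level guard: report raw-HTML sinks in component source, by line number.
const SINKS = /dangerouslySetInnerHTML|\.innerHTML\s*=|insertAdjacentHTML|document\.write/;
function findHtmlSinks(source) {
  return source.split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => !text.startsWith('//') && SINKS.test(text));
}

// Constructed component sources: the first relies on JSX text interpolation,
// the second injects the same field as raw HTML.
const SAFE_CARD = [
  'export function NFTCard({ record }) {',
  '  return <h3 className="name">{record.vaccineName}</h3>;',
  '}',
].join('\n');
const UNSAFE_CARD = [
  'export function NFTCard({ record }) {',
  '  return <h3 dangerouslySetInnerHTML={{ __html: record.vaccineName }} />;',
  '}',
].join('\n');
```

The string-level checks complement a real-browser run; they do not replace confirming in the browser that no script executes.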
Development

Successfully merging this pull request may close these issues.

[TESTING] Write security tests for XSS vulnerabilities