Add comprehensive XSS security tests for frontend

.github/workflows/xss-security-tests.yml

@@ -0,0 +1,109 @@
+name: XSS Security Tests
+
+on:
+  push:
+    branches: [ main, develop ]
+    paths:
+      - 'frontend/**'
+      - '.github/workflows/xss-security-tests.yml'
+  pull_request:
+    branches: [ main, develop ]
+    paths:
+      - 'frontend/**'
+  schedule:
+    # Run daily at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+jobs:
+  xss-security-tests:
+    name: Run XSS Security Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    strategy:
+      fail-fast: false
+      matrix:
+        browser: [chromium, firefox, webkit]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install dependencies
+        working-directory: frontend
+        run: npm ci
+
+      - name: Install Playwright Browsers
+        working-directory: frontend
+        run: npx playwright install --with-deps ${{ matrix.browser }}
+
+      - name: Run XSS Security Tests
+        working-directory: frontend
+        run: npx playwright test --project=${{ matrix.browser }} xss-security
+        env:
+          CI: true
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-results-${{ matrix.browser }}
+          path: frontend/test-results/
+          retention-days: 30
+
+      - name: Upload Playwright report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report-${{ matrix.browser }}
+          path: frontend/playwright-report/
+          retention-days: 30
+
+      - name: Comment PR with results
+        if: github.event_name == 'pull_request' && failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '⚠️ XSS Security tests failed on ${{ matrix.browser }}. Please review the test results.'
+            })
+
+  security-summary:
+    name: Security Test Summary
+    runs-on: ubuntu-latest
+    needs: xss-security-tests
+    if: always()
+
+    steps:
+      - name: Check test results
+        run: |
+          if [ "${{ needs.xss-security-tests.result }}" == "failure" ]; then
+            echo "❌ XSS Security tests failed"
+            exit 1
+          else
+            echo "✅ All XSS Security tests passed"
+          fi
+
+      - name: Create security badge
+        if: github.ref == 'refs/heads/main'
+        run: |
+          echo "Security tests: PASSED" > security-status.txt
+
+      - name: Upload security status
+        if: github.ref == 'refs/heads/main'
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-status
+          path: security-status.txt
+          retention-days: 1