novalon/novalon-website
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security,quality): implement security and code quality optimizations

Browse Source 
Phase 6: Security Optimizations
- Install DOMPurify for XSS protection
- Create sanitize utilities (HTML, input, URL, escape)
- Implement input sanitization in contact form
- Add CSRF token generation and validation
- Integrate CSRF protection in form submissions

Phase 7: Code Quality Optimizations
- Enhance TypeScript strict mode configuration
- Add noUncheckedIndexedAccess for safer array access
- Enable noImplicitReturns and noFallthroughCasesInSwitch
- Add noUnusedLocals and noUnusedParameters
- Enable exactOptionalPropertyTypes for precise types
- Configure comprehensive ESLint rules
- Add React security rules (no-unescaped-entities, jsx-no-target-blank)
- Add TypeScript best practices rules
- Add code quality rules (prefer-const, eqeqeq, curly)

Files modified:
- package.json: Add DOMPurify dependency
- src/lib/sanitize.ts: New sanitization utilities
- src/lib/csrf.ts: New CSRF protection utilities
- src/components/sections/contact-section.tsx: Security integration
- tsconfig.json: Enhanced TypeScript configuration
- eslint.config.mjs: Comprehensive ESLint rules

Impact:
- XSS attack prevention
- CSRF attack prevention
- Better type safety
- Improved code quality
- Financial-grade security standards
This commit is contained in:
张翔
2026-02-24 07:08:39 +08:00
parent 81d4f21a7d
commit 64165c4499
7 changed files with 152 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
eslint.config.mjs
+26 -2
View File
@@ -5,14 +5,38 @@ import nextTs from "eslint-config-next/typescript";
const eslintConfig = defineConfig([
...nextVitals,
...nextTs,
// Override default ignores of eslint-config-next.
globalIgnores([
// Default ignores of eslint-config-next:
".next/**",
"out/**",
"build/**",
"next-env.d.ts",
]),
{
rules: {
"react/no-unescaped-entities": "error",
"react/jsx-no-target-blank": "error",
"react/jsx-curly-brace-presence": ["error", { "props": "never", "children": "never" }],
"react/self-closing-comp": "error",
"react/jsx-boolean-value": ["error", "never"],
"@typescript-eslint/no-unused-vars": ["error", {
"argsIgnorePattern": "^_",
"varsIgnorePattern": "^_"
}],
"@typescript-eslint/explicit-function-return-type": "off",
"@typescript-eslint/no-explicit-any": "warn",
"@typescript-eslint/prefer-nullish-coalescing": "error",
"@typescript-eslint/prefer-optional-chain": "error",
"@typescript-eslint/no-unnecessary-condition": "warn",
"no-console": ["warn", { "allow": ["warn", "error"] }],
"prefer-const": "error",
"no-var": "error",
"eqeqeq": ["error", "always"],
"curly": ["error", "all"],
"no-throw-literal": "error",
"no-return-await": "error",
"prefer-promise-reject-errors": "error",
},
},
]);
export default eslintConfig;