[Security] Replace Insufficient HTML Tag Removal Regex with Robust XSS Sanitization

## Problem
The current HTML tag removal regex (`/\u003c[^\u003e]*\u003e/g`) is insufficient for XSS prevention. It does not account for:
- Encoded HTML entities
- Malformed or nested tags
- JavaScript protocol injection (e.g., `javascript:`)

This allows for potential bypasses and XSS vulnerabilities in user input.

## Suggested Solution
- **Do not rely on regex for sanitization.**
- Integrate a well-maintained HTML sanitization library (e.g., [DOMPurify](https://github.com/cure53/DOMPurify)) or a similar vetted package.
- Ensure the solution neutralizes encoded entities, malformed tags, and script-based protocol injections.
- Add automated tests for various XSS payloads and edge cases.

### References
- [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)
- Issue Reference: #28

---
**Labels:** bug, good first issue
**Assignees:** @app/copilot-swe-agent, @mrwebwork


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security] Replace Insufficient HTML Tag Removal Regex with Robust XSS Sanitization #29

Problem

Suggested Solution

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Security] Replace Insufficient HTML Tag Removal Regex with Robust XSS Sanitization #29

Description

Problem

Suggested Solution

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions