    Improvement
    March 28, 2026

    Security Hardening & Vulnerability Fixes

    Settings
    Documentation

    🔧 What's Improved

    Security Scan Results

    All error-level security findings have been resolved:

    • XSS Protection: Added DOMPurify sanitization for all user-generated content rendered in the app
    • Input Validation: Added Zod schema validation to edge functions that were accepting unvalidated request bodies
    • SQL Injection Prevention: Removed raw SQL execution patterns and replaced with parameterized queries
    • CORS Hardening: Tightened allowed origins for edge function endpoints
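The CORS item above is the one fix whose before-and-after fits in a few lines of edge-function code. The block below is an added example and is not the project's code; the origin list and the request shape are constructed for the example, and the real allowed origins are not on this page. It shows the wildcard pattern that was replaced beside an exact-match allowlist, with the preflight and caching details a practitioner checks when reviewing the change.

```javascript
// Added example, not the project's own code: CORS handling for an edge-function
// endpoint, with the permissive pattern beside the hardened allowlist form.
// ALLOWED_ORIGINS is a constructed list; the real origins are not on the page.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://staging.example.com",
]);

const ALLOWED_HEADERS = "authorization, content-type";

// Weak form: a wildcard origin. Any page on the web may call the endpoint and
// the server never learns who the caller is. Browsers refuse "*" together with
// credentials, which is why the next step is often to reflect the Origin header
// verbatim; that is strictly worse, since it re-enables credentialed calls
// from every origin.
function corsHeadersPermissive() {
  return {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": ALLOWED_HEADERS,
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
  };
}

// Hardened form: echo the Origin only when it is an exact allowlist match.
// Exact Set lookup matters: prefix or substring checks are defeated by origins
// such as https://app.example.com.evil.tld or https://evil-app.example.com.
// A non-allowed origin gets only "Vary: Origin", so the browser blocks the read.
function corsHeadersStrict(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return { "Vary": "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Headers": ALLOWED_HEADERS,
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Max-Age": "600",
    // Keyed caching: a CDN must not serve one origin's headers to another.
    "Vary": "Origin",
  };
}

// Edge-function style handler over a plain request description
// { method, headers } so it runs without a runtime's Request/Response globals.
// Authentication and body validation are assumed to follow this check.
function handleRequest(req) {
  const origin = req.headers["origin"];
  const cors = corsHeadersStrict(origin);
  const allowed = "Access-Control-Allow-Origin" in cors;

  if (req.method === "OPTIONS") {
    // Preflight: 204 for an allowed origin, 403 otherwise so a misconfigured
    // front end shows up in the function logs instead of failing silently.
    return { status: allowed ? 204 : 403, headers: cors, body: "" };
  }

  if (origin !== undefined && !allowed) {
    // Cross-origin call from an origin we do not serve. The browser would hide
    // the response anyway; refusing here also avoids doing the work.
    return { status: 403, headers: cors, body: "" };
  }

  // Same-origin and non-browser callers send no Origin header and fall through.
  return {
    status: 200,
    headers: { ...cors, "content-type": "application/json" },
    body: JSON.stringify({ ok: true }),
  };
}
```

Two things to verify after deploying a change like this: that every first-party origin (including staging and preview hosts) is on the list, since a missing one breaks the front end rather than degrading gracefully, and that no intermediate cache strips the Vary header.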

    SEO & Crawlability Improvements

    • Updated sitemap-index.xml with 6 missing pages and corrected 3 paths
    • Added Disallow: /oauth to robots.txt to keep crawlers out of the auth flows (a crawl hint that well-behaved bots honour, not an access control; robots.txt is itself public)
    • Fixed lastmod dates across all sitemap entries