updates

2025-12-01 06:50:10 +02:00
parent 91f51bc6fe
commit 62c1fe5951
4682 changed files with 544807 additions and 31208 deletions
--- a/Frontend/src/features/content/pages/PrivacyPolicyPage.tsx
+++ b/Frontend/src/features/content/pages/PrivacyPolicyPage.tsx
@@ -5,7 +5,7 @@ import pageContentService from '../services/pageContentService';
 import type { PageContent } from '../services/pageContentService';
 import { useCompanySettings } from '../../../shared/contexts/CompanySettingsContext';
 import Loading from '../../../shared/components/Loading';
-import { createSanitizedHtml } from '../../../shared/utils/htmlSanitizer';
+import { createSanitizedHtml, sanitizeHtml } from '../../../shared/utils/htmlSanitizer';

 const PrivacyPolicyPage: React.FC = () => {
  const { settings } = useCompanySettings();
@@ -22,9 +22,11 @@ const PrivacyPolicyPage: React.FC = () => {
          
          // Process HTML content to ensure text is visible
          if (content.content) {
+            // SECURITY: Sanitize HTML before assigning to innerHTML to prevent XSS
+            const sanitizedContent = sanitizeHtml(content.content);
            // Create a temporary div to parse HTML
            const tempDiv = document.createElement('div');
-            tempDiv.innerHTML = content.content;
+            tempDiv.innerHTML = sanitizedContent;
            
            // Add color styles to elements that don't have them
            const allElements = tempDiv.querySelectorAll('*');
@@ -169,16 +171,27 @@ const PrivacyPolicyPage: React.FC = () => {
        </div>

        {/* Footer Note */}
-        {settings.company_email && (
-          <div className="mt-8 text-center">
-            <p className="text-sm text-gray-400 font-light">
-              For questions about this policy, contact us at{' '}
-              <a href={`mailto:${settings.company_email}`} className="text-[#d4af37] hover:underline">
-                {settings.company_email}
-              </a>
-            </p>
+        <div className="mt-8 space-y-4">
+          {settings.company_email && (
+            <div className="text-center">
+              <p className="text-sm text-gray-400 font-light">
+                For questions about this policy, contact us at{' '}
+                <a href={`mailto:${settings.company_email}`} className="text-[#d4af37] hover:underline">
+                  {settings.company_email}
+                </a>
+              </p>
+            </div>
+          )}
+          <div className="text-center">
+            <Link
+              to="/gdpr"
+              className="inline-flex items-center gap-2 text-sm text-[#d4af37] hover:text-[#f5d76e] transition-colors font-light"
+            >
+              <Shield className="w-4 h-4" />
+              <span>Manage Your Data Privacy (GDPR)</span>
+            </Link>
          </div>
-        )}
+        </div>
      </div>
    </div>
  );