iven
931edc3025
fix(security): 补全 XSS sanitize + 修复 sender_id 身份伪造
安全审计修复:
- 补全 6 个 DTO 的 sanitize 方法(diagnosis/consent/alert/medication_record/medication_reminder/follow_up_template)
- 4 个 handler 添加 .sanitize() 调用(diagnosis/consent/alert_rule/medication_record)
- 修复咨询消息 sender_id/sender_role 从客户端提交改为服务端从 JWT 提取
- 修复小程序 AI 报告 markdownToHtml XSS(添加 sanitizeHtml 过滤)
2026-04-30 10:21:52 +08:00
..
2026-04-29 17:00:24 +08:00
2026-04-28 11:23:53 +08:00
2026-04-28 18:31:01 +08:00
2026-04-30 10:21:05 +08:00
2026-04-30 08:24:20 +08:00
2026-04-30 10:21:52 +08:00
2026-04-30 08:31:12 +08:00
2026-04-26 19:52:42 +08:00
2026-04-28 12:12:47 +08:00
2026-04-19 00:56:32 +08:00
2026-04-20 09:35:27 +08:00
2026-04-19 00:56:32 +08:00
2026-04-20 09:35:27 +08:00
2026-04-27 12:34:52 +08:00
2026-04-15 00:49:20 +08:00
2026-04-30 10:21:05 +08:00
2026-04-28 18:04:06 +08:00