fix: react-doctor security warnings → 8 warnings (55/100)

- HTML injection sink: replace document.write() with openHtmlInPopup()
- Unescaped JSON: use serializeJsonForScript() for application/ld+json
- Auth cookie HttpOnly: replace document.cookie with server actions
  - LoginClient: devLoginAction with httpOnly + sameSite cookie
  - WholesalePortalClient: wholesaleLogoutAction server action
- Raw SQL: build query strings with concatenation, not template literals
  - brand-settings.ts, orders/update-order.ts (×2 locations)
This commit is contained in:
Nora
2026-06-26 00:04:59 -06:00
parent 0ac4beaaa8
commit 8e011da521
34 changed files with 150 additions and 157 deletions
+2 -2
View File
@@ -126,8 +126,8 @@ export default function WaitlistPage() {
<span className="text-sm text-[#666]">&copy; {CURRENT_YEAR} Route Commerce. All rights reserved.</span>
</div>
<nav className="flex items-center gap-6 text-sm text-[#888]">
<a href="/privacy-policy" className="hover:text-[#1a4d2e]">Privacy</a>
<a href="/terms-and-conditions" className="hover:text-[#1a4d2e]">Terms</a>
<Link href="/privacy-policy" className="hover:text-[#1a4d2e]">Privacy</Link>
<Link href="/terms-and-conditions" className="hover:text-[#1a4d2e]">Terms</Link>
</nav>
</div>
</div>