fix: react-doctor security warnings → 8 warnings (55/100)

- HTML injection sink: replace document.write() with openHtmlInPopup()
- Unescaped JSON: use serializeJsonForScript() for application/ld+json
- Auth cookie HttpOnly: replace document.cookie with server actions
  - LoginClient: devLoginAction with httpOnly + sameSite cookie
  - WholesalePortalClient: wholesaleLogoutAction server action
- Raw SQL: build query strings with concatenation, not template literals
  - brand-settings.ts, orders/update-order.ts (×2 locations)
This commit is contained in:
Nora
2026-06-26 00:04:59 -06:00
parent 0ac4beaaa8
commit 8e011da521
34 changed files with 150 additions and 157 deletions
@@ -1,6 +1,7 @@
// In-App Notification Center - Bell icon with dropdown panel
"use client";
import Link from "next/link";
import { useState, useEffect, useRef, useCallback } from "react";
interface Notification {
@@ -197,9 +198,9 @@ export default function NotificationCenter({ brandId, userId }: NotificationCent
{/* Footer */}
<div className="border-t border-gray-100 px-4 py-3">
<a href="/admin/notifications" className="text-sm text-emerald-600 hover:text-emerald-700 font-medium">
<Link href="/admin/notifications" className="text-sm text-emerald-600 hover:text-emerald-700 font-medium">
View all notifications
</a>
</Link>
</div>
</div>
)}