chore(docker): .dockerignore angepasst; lokale Build-Schritte in Rebuild-Skripten; Doku/README zu production vs production-prebuilt aktualisiert

server-dist/lib/sanitize.js

@@ -0,0 +1,34 @@
+import DOMPurify from "isomorphic-dompurify";
+/**
+ * Sanitize plain text inputs by stripping all HTML tags.
+ * Use for names, phone numbers, and simple text fields.
+ */
+export function sanitizeText(input) {
+    if (!input)
+        return "";
+    const cleaned = DOMPurify.sanitize(input, { ALLOWED_TAGS: [], ALLOWED_ATTR: [] });
+    return cleaned.trim();
+}
+/**
+ * Sanitize rich text notes allowing only a minimal, safe subset of tags.
+ * Use for free-form notes or comments where basic formatting is acceptable.
+ */
+export function sanitizeHtml(input) {
+    if (!input)
+        return "";
+    const cleaned = DOMPurify.sanitize(input, {
+        ALLOWED_TAGS: ["br", "p", "strong", "em", "u", "a", "ul", "li"],
+        ALLOWED_ATTR: ["href", "title", "target", "rel"],
+        ALLOWED_URI_REGEXP: /^(?:https?:)?\/\//i,
+        KEEP_CONTENT: true,
+    });
+    return cleaned.trim();
+}
+/**
+ * Sanitize phone numbers by stripping HTML and keeping only digits and a few symbols.
+ * Allowed characters: digits, +, -, (, ), and spaces.
+ */
+export function sanitizePhone(input) {
+    const text = sanitizeText(input);
+    return text.replace(/[^0-9+\-()\s]/g, "");
+}