Skip to content

Secure CMS embeds and browser content policies #575

Description

@kelvinkipruto

Parent

#572

What to build

Replace unrestricted CMS-controlled active content with structured, allowlisted embed configuration. Any unavoidable HTML is sanitized, iframes are constrained, browser security headers limit impact, and the promise-update experience uses an accessible modal.

Acceptance criteria

  • Newsletter and promise-update embeds use structured provider/origin configuration instead of unrestricted raw HTML wherever possible.
  • Remaining HTML is sanitized against script, event-handler, form, and unsafe-URL injection.
  • Iframe origins are allowlisted and iframe sandbox and allow capabilities are minimal and documented.
  • A tested CSP and baseline security headers support MUI/Emotion, Payload Admin, Sentry, media, and only approved embeds.
  • The update experience renders inside a real labelled MUI Dialog with focus trapping, Escape handling, and focus restoration.
  • Security and Playwright tests cover rejected embeds and keyboard/screen-reader modal behavior.

Blocked by

None - can start immediately.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions