[TESTING] Write security tests for XSS vulnerabilities

[dev-fatima-24]

Priority: high

Description

User-supplied data (vaccine names, wallet addresses) is rendered in the frontend. Tests should verify that XSS payloads are sanitized and not executed.

Acceptance Criteria

• Test: vaccine name containing <script>alert(1)</script> is rendered as text, not executed
• Test: wallet address containing HTML entities is escaped correctly
• Test: NFTCard does not use dangerouslySetInnerHTML with unsanitized data
• Test: API responses containing script tags are not executed when rendered
• Tests run in a real browser environment (Playwright or Cypress)

[Harbduls]

@Harbduls has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Please allow me to work on this maintainer , I can fix this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Harbduls to this issue.

[drips-wave]

Congratulations, @Harbduls! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Harbduls: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊