From 7b12e59f0c5a51978f4db001ec603d8805966332 Mon Sep 17 00:00:00 2001
From: jackiettran <41605212+jackiettran@users.noreply.github.com>
Date: Thu, 15 Jan 2026 15:42:30 -0500
Subject: [PATCH] sanitization to all api routes

---
 backend/server.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/backend/server.js b/backend/server.js
index b19a13f..cc56c1b 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -67,6 +67,7 @@ const {
 addRequestId,
 sanitizeError,
 } = require("./middleware/security");
+const { sanitizeInput } = require("./middleware/validation");
 const { generalLimiter } = require("./middleware/rateLimiter");
 const errorLogger = require("./middleware/errorLogger");
 const apiLogger = require("./middleware/apiLogger");
@@ -134,6 +135,9 @@ app.use(
 })
 );
 
+// Apply input sanitization to all API routes (XSS prevention)
+app.use("/api/", sanitizeInput);
+
 // Serve static files from uploads directory with CORS headers
 app.use(
 "/uploads",
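Review bot: The new `app.use("/api/", sanitizeInput);` in the second hunk depends on registration order that is not visible here: it can only act on `req.body` if the body parsers are mounted above it, and it only covers `/api` routers mounted below it, so both should be confirmed against the rest of server.js. Assuming `sanitizeInput` rewrites request fields in place, a blanket mount also alters values that must round-trip unchanged (passwords, tokens, signed payloads), which is worth checking against the auth routes before relying on it. Input sanitization alone does not prevent XSS, since output encoding at render time is still required, so the comment would be more accurate as `// Defence in depth: sanitize /api input (must run after body parsing, before /api routers); output encoding remains the primary XSS control`.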