pediatric-ai-scribe-v3/public/components
Daniel 9961688bfa feat(notes): trash + restore + DOMPurify sanitizer + 9 contract tests
Soft-delete for notes — Daniel asked for "deleted notes go to trash"
so a slip of the finger doesn't lose work.

Schema: migrations/1777090000000_notes-trash.js adds a deleted_at
timestamptz column to personal_notes (NULL = active) plus an index
on (user_id, deleted_at).

Server (src/routes/notes.js):
  GET    /api/notes              now filters deleted_at IS NULL
  GET    /api/notes/trash        new — list trashed items, newest-
                                  deleted first
  DELETE /api/notes/:id          now soft-deletes (sets deleted_at)
  DELETE /api/notes/:id?hard=1   hard-delete, only allowed on items
                                  already in trash (UI bug can't
                                  erase an active note)
  POST   /api/notes/:id/restore  pull a note out of trash
  POST   /api/notes/trash/empty  hard-delete every trashed note for
                                  the user

Frontend (public/components/notes.html + public/js/notes.js +
public/css/styles.css):
  • Sidebar gets two tabs — "Notes" / "Trash (n)" with live count
  • Trash tab shows deleted-at timestamps, Restore + delete-forever
    per row, Empty-trash button at the bottom
  • Active list and trash count refresh in parallel after every
    save / delete / restore
  • Delete button in the editor now says "Move to trash" and uses
    the showConfirm helper (no native dialogs)

Sanitizer swap (public/js/notes.js):
  Replaced the homegrown allowlist walker with DOMPurify (already
  loaded from cdnjs in index.html, used by learningHub.js too).
  Custom HTML sanitizers historically have bypasses; DOMPurify is
  the right primitive.

Tests (test/notes-sanitize.test.js — node:test + jsdom + dompurify
       as new dev deps):
  9 contract tests covering script-tag stripping, inline event
  handlers, img onerror, iframe/object, style attributes, every
  preserved tag in the allowlist, javascript: URI rejection,
  null/undefined input, and nested-script-inside-paragraph. Total
  test count: 37 → 46 passing.

SW cache bumped to pedscribe-v12-notes5.
2026-04-25 01:02:49 +02:00
..
admin.html Replace all browser dialogs with modern modal, add OIDC admin UI 2026-04-09 02:43:23 +02:00
bedside.html feat(nav): promote Bedside to its own tab; reorganise sidebar sections 2026-04-23 18:58:38 +02:00
calculators.html fix(nav): move image lightbox to index.html so NRP + seizure pathways 2026-04-23 18:58:38 +02:00
catchup.html Fix quiz SQL bug, security hardening, componentize HTML, speed improvements 2026-03-23 20:01:54 -04:00
chart.html v10: Local Whisper transcription, bigger text areas, flexible AI memory 2026-03-28 22:00:30 +00:00
cms.html v6.1: Turnstile bot protection, LiteLLM provider, PPTX tables, audio backup fixes, docs 2026-04-04 22:56:24 +02:00
dictation.html v10: Local Whisper transcription, bigger text areas, flexible AI memory 2026-03-28 22:00:30 +00:00
encounter.html Fix TTS axios/Vertex, generic toast, add stop button to encounter 2026-03-29 22:09:56 -04:00
extensions.html feat(extensions): personal Pagers & Extensions directory with soft-delete 2026-04-22 18:54:26 +02:00
faq.html Add automatic ICD-10 and CPT billing code suggestions 2026-04-11 01:50:17 +02:00
hospital.html v10: Local Whisper transcription, bigger text areas, flexible AI memory 2026-03-28 22:00:30 +00:00
learning.html Render presentations as slides in Learning Hub viewer 2026-03-24 03:04:14 -04:00
notes.html feat(notes): trash + restore + DOMPurify sanitizer + 9 contract tests 2026-04-25 01:02:49 +02:00
pe-guide.html feat(pe-guide): Cardiovascular system with APTM auscultation SVG 2026-04-22 20:15:08 +02:00
settings.html Hide Active Sessions for SSO-only users 2026-04-14 05:07:07 +02:00
sickvisit.html v6.2: Session management, password change, audit logging, refine context, UI fixes 2026-04-08 20:27:45 +02:00
soap.html Add pause/stop buttons to SOAP note recording 2026-04-11 05:19:12 +02:00
vaxschedule.html Fix quiz SQL bug, security hardening, componentize HTML, speed improvements 2026-03-23 20:01:54 -04:00
wellvisit.html v6.2: Session management, password change, audit logging, refine context, UI fixes 2026-04-08 20:27:45 +02:00