feat: implement input sanitization and xss defense #137

Open
bytebinders wants to merge 3 commits into Talenttrust:main from bytebinders:main

Conversation

@bytebinders

Description

This PR introduces a comprehensive XSS (Cross-Site Scripting) defense layer across the backend.

Key Changes

  • Global Input Sanitization

    • Integrated the xss library to sanitize all untrusted incoming request data.
    • Implemented as an Express middleware:
      • req.body
      • req.query
      • req.params
    • Location: src/middleware/sanitize.ts
  • Safe Output Encoding Utilities

    • Added utility functions for explicit HTML entity encoding to safely escape strings when needed.
    • Location: src/utils/encode.ts
  • Security Documentation

    • Added and documented backend security standards for XSS prevention.
    • Includes rationale, assumptions, and best practices for handling untrusted data.
    • Location: docs/backend/security.md

Why

To ensure consistent and centralized protection against XSS attacks by:

  • Sanitizing all incoming data at the entry point
  • Providing safe utilities for controlled output encoding
  • Establishing clear security guidelines for future development

Impact

  • Reduces risk of XSS vulnerabilities across the application
  • Improves codebase security consistency
  • Makes security practices explicit and easier to follow

Closes #84
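A dependency-free sketch of the two pieces the description lists, written for this review and not taken from the PR's branch: a recursive walker over req.body, req.query and req.params, plus an HTML entity encoder standing in for the `xss` package (the names `encodeHtml`, `sanitizeDeep` and `sanitizeRequest` are this example's own). It assumes Express 4 semantics, where those three request properties are plain writable objects.

```javascript
// Added example, not the PR's code. `encodeHtml` is a plain entity encoder
// used in place of the `xss` package so the block runs with no dependencies.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Encode the characters that change meaning in HTML text nodes and quoted
// attribute values. Not sufficient for JavaScript, URL or CSS contexts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Keys that would let a JSON body rewrite Object.prototype when copied
// into a fresh object; they are dropped rather than sanitized.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a JSON-like value and apply `fn` to every string leaf, including
// strings nested inside arrays and objects (req.body is often nested).
function sanitizeDeep(value, fn, depth = 0) {
  if (depth > 32) throw new Error('payload nesting too deep'); // bound recursion
  if (typeof value === 'string') return fn(value);
  if (Array.isArray(value)) return value.map((v) => sanitizeDeep(v, fn, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) {
      if (UNSAFE_KEYS.has(key)) continue;
      out[fn(key)] = sanitizeDeep(value[key], fn, depth + 1); // keys are untrusted too
    }
    return out;
  }
  return value; // numbers, booleans, null and undefined pass through unchanged
}

// Express-style middleware factory: replaces body, query and params with
// sanitized copies. Assumes Express 4, where these are writable properties.
function sanitizeRequest(fn = encodeHtml) {
  return function sanitizeMiddleware(req, res, next) {
    for (const part of ['body', 'query', 'params']) {
      const current = req[part];
      if (current === null || typeof current !== 'object') continue;
      req[part] = sanitizeDeep(current, fn);
    }
    next();
  };
}
```

Encoding at the input boundary rewrites stored data (a legitimate `<` in a job description becomes `&lt;`), so context-aware encoding at the point of output remains the control to rely on; mounting this with `app.use(sanitizeRequest())` is one way to wire it in.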

@drips-wave

drips-wave bot commented Mar 24, 2026

@bytebinders Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@bytebinders bytebinders changed the title feat: implement input sanitization and xss defense with tests and docs feat: implement input sanitization and xss defense Mar 25, 2026
@bytebinders
Author

closes #84


@bytebinders
Author

hi @mikewheeleer Help.

@bytebinders bytebinders reopened this Mar 29, 2026
Successfully merging this pull request may close these issues.

[Mike] 34. Input sanitization and XSS defense

1 participant