Disabling certificate validation (CWE-295): The general Postman utility library disables HTTPS certificate validation, so every HTTPS request that depends on this library skips certificate validity verification and is vulnerable to man-in-the-middle attacks;
Client-side XSS (CWE-79): The Wiki plugin uses React's dangerouslySetInnerHTML to render user-input content directly, without any filtering or escaping. Attackers can inject malicious scripts to steal user information;
Inefficient regular expression (CWE-400): The email validation regular expression on the login/registration page contains nested repetition. Maliciously constructed ultra-long email inputs trigger exponential backtracking, which freezes and crashes the front-end page, affecting user experience and system availability.
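
One way to remove the backtracking risk in the email check, shown as an added example rather than the application's own code: cap the input length before any regex runs, then validate with patterns that contain no nested quantifiers. The function names, the 254-character cap and the deliberately conservative set of accepted characters are assumptions; the nested pattern is constructed and is only fed to the lint helper.

```javascript
// Added example. All patterns and names here are constructed for
// illustration; none is taken from the application's code.

// The shape the finding describes: a quantified group whose body is itself
// quantified. Kept only as input for the lint check below, never executed.
const NESTED_SAMPLE = /^([A-Za-z0-9]+)*@example\.test$/;

// Coarse lint heuristic: a group that ends in + or * and is itself
// followed by +, * or {n,m}. It flags candidates for review, nothing more.
function hasNestedQuantifier(regexSource) {
  return /\([^()]*[+*]\)[+*{]/.test(regexSource);
}

const MAX_EMAIL_LENGTH = 254; // assumed cap, enforced before any regex runs

// One character class with one bounded quantifier each, no groups:
// matching cost stays linear in the (already capped) input length.
const LOCAL_PART = /^[A-Za-z0-9._%+-]{1,64}$/;
const DOMAIN_LABEL = /^[A-Za-z0-9-]{1,63}$/;

function isValidEmail(input) {
  if (typeof input !== "string") return false;
  if (input.length === 0 || input.length > MAX_EMAIL_LENGTH) return false;

  // Exactly one "@", and not in first position.
  const at = input.indexOf("@");
  if (at < 1 || at !== input.lastIndexOf("@")) return false;

  if (!LOCAL_PART.test(input.slice(0, at))) return false;

  // Domain: at least two labels, none empty or hyphen-edged.
  const labels = input.slice(at + 1).split(".");
  if (labels.length < 2) return false;
  return labels.every(
    (label) =>
      DOMAIN_LABEL.test(label) &&
      !label.startsWith("-") &&
      !label.endsWith("-")
  );
}
```

The same length cap and validation belong on the server as well, since a client-side check can be bypassed.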