vibeaudit
76
B

steven-tey/novel

86 files scanned, 13 checks run, 0.1s

Notion-style WYSIWYG editor with AI-powered autocompletion.

2 High
2 Medium

Mega Prompt

Combined remediation prompt for all 4 issue types. Paste this into your AI coding agent to fix everything.

I ran a production-readiness audit on my project and found the following issues. Please fix all of them:

1. I have a potential XSS vulnerability in packages/headless/src/extensions/mathematics.ts at line 171 using unsafe DOM manipulation. Please refactor to avoid dangerouslySetInnerHTML, innerHTML, eval(), and document.write(). If HTML rendering is truly needed, use a sanitization library like DOMPurify and sanitize all content before rendering.

2. My project has no tests at all. Please set up a testing framework (vitest) and create initial tests for the most critical functionality. Start with: 1) Unit tests for core business logic, 2) Integration tests for API endpoints, 3) Component tests for key UI components. Set up a test script in package.json.

3. My project has no input validation library. Please install zod and add schema validation for all API endpoints and form inputs. Define schemas for request bodies, query parameters, and path parameters. Return clear validation error messages so clients know exactly what to fix.

4. My .gitignore is missing important entries. Please update .gitignore to exclude: node_modules/, .env, .env.*, dist/, build/, coverage/, .DS_Store, and any IDE-specific files.