fix(web): frontend quality — XSS, error states, a11y, image optimization, security headers

- Whitelist OAuth error codes; never render raw URL params (XSS fix) - Add error state UI with retry button for API failures on homepage and search - Use <article> for property cards with ARIA labels and semantic list markup - Replace raw <img> with Next.js <Image> across all listing/gallery/KYC pages - Add security headers (X-Content-Type-Options, X-Frame-Options, etc.) in next.config.js - Gate console.error behind NODE_ENV check in global error boundary - Mapbox confirmed npm-bundled (SRI N/A) Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 06:32:08 +07:00
parent e9889539ea
commit afa70320f5
11 changed files with 215 additions and 104 deletions
--- a/apps/web/components/search/search-results.tsx
+++ b/apps/web/components/search/search-results.tsx
@@ -9,6 +9,8 @@ import type { ListingDetail, PaginatedResult } from '@/lib/listings-api';
 interface SearchResultsProps {
  result: PaginatedResult<ListingDetail> | null;
  loading: boolean;
+  error?: boolean;
+  onRetry?: () => void;
  page: number;
  sort: string;
  onPageChange: (page: number) => void;
@@ -18,6 +20,8 @@ interface SearchResultsProps {
 export function SearchResults({
  result,
  loading,
+  error,
+  onRetry,
  page,
  sort,
  onPageChange,
@@ -31,6 +35,20 @@ export function SearchResults({
    );
  }

+  if (error) {
+    return (
+      <div className="flex min-h-[400px] flex-col items-center justify-center gap-3 text-muted-foreground">
+        <p className="text-lg font-medium">Không thể tải kết quả tìm kiếm</p>
+        <p className="text-sm">Đã xảy ra lỗi. Vui lòng thử lại.</p>
+        {onRetry && (
+          <Button variant="outline" size="sm" onClick={onRetry}>
+            Thử lại
+          </Button>
+        )}
+      </div>
+    );
+  }
+
  if (!result || result.data.length === 0) {
    return (
      <div className="flex min-h-[400px] flex-col items-center justify-center text-muted-foreground">