Use Set for ALLOWED_TAGS, ignore javascript:S1874 for execCommand in SonarQube

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

assets/modules/editor.js

@@ -10,10 +10,10 @@ const TOOLBAR_ACTIONS = [
     { command: 'removeFormat', icon: '❌', title: 'Supprimer le formatage' },
 ]
 
-const ALLOWED_TAGS = [
+const ALLOWED_TAGS = new Set([
     'p', 'br', 'b', 'strong', 'i', 'em', 'u',
     'ul', 'li',
-]
+])
 
 export function sanitizeHtml(html) {
     const container = document.createElement('div')
@@ -33,7 +33,7 @@ function sanitizeNode(node) {
             fragment.appendChild(document.createTextNode(child.textContent))
         } else if (child.nodeType === Node.ELEMENT_NODE) {
             const tagName = child.tagName.toLowerCase()
-            if (ALLOWED_TAGS.includes(tagName)) {
+            if (ALLOWED_TAGS.has(tagName)) {
                 const el = document.createElement(tagName)
                 el.appendChild(sanitizeNode(child))
                 fragment.appendChild(el)

sonar-project.properties

@@ -13,6 +13,8 @@ sonar.eslint.reportPaths=eslint-report.json
 sonar.docker.hadolint.reportPaths=hadolint-dev.json,hadolint-prod.json
 sonar.dependencyCheck.jsonReportPath=dependency-check-report.json
 sonar.dependencyCheck.htmlReportPath=dependency-check-report.html
-sonar.issue.ignore.multicriteria=e1
+sonar.issue.ignore.multicriteria=e1,e2
 sonar.issue.ignore.multicriteria.e1.ruleKey=css:S4662
 sonar.issue.ignore.multicriteria.e1.resourceKey=assets/**
+sonar.issue.ignore.multicriteria.e2.ruleKey=javascript:S1874
+sonar.issue.ignore.multicriteria.e2.resourceKey=assets/modules/editor.js