SECURITY: XSS Vulnerability Exposed in Schema.org JSON-LD Injection via User Content
A security flaw has been identified in the frontend layer: user-generated content is injected directly into the Schema.org JSON-LD structured data without sanitization. The affected code is in `src/app/berita/[slug]/page.tsx`, lines 147-177, where post titles and excerpts are placed into the `<script type="application/ld+json">` block served with every news page. Because that block is emitted as raw script content, a title or excerpt containing a `</script>` sequence terminates the JSON-LD element early, and whatever follows is parsed as ordinary markup, including a fresh `<script>` element. Since the content originates from posts, this is a stored cross-site scripting (XSS) risk. Nothing filters the content before it reaches the structured data block.
The root cause is the use of the raw `post.title.rendered` and `post.excerpt.rendered` values (the rendered-HTML fields of the post object, the shape returned by the WordPress REST API) inside the JSON-LD component, bypassing the `DOMPurify` sanitization that the rest of the page applies to the same fields. This leaves the news pages open to injection attacks in which an attacker who can create or edit posts embeds a JavaScript payload in the title or excerpt. The issue is tagged **High** priority, indicating an urgent need for remediation.
The proposed fix is to import `DOMPurify` and sanitize both the title and description fields before they are placed in the JSON-LD. Specifically, developers must use the existing `sanitizeHTML` utility from `src/lib/utils/sanitizeHTML.ts`, applying it to the excerpt after stripping HTML tags. One caveat for whoever implements this: DOMPurify removes markup, but the JSON-LD body is a JSON string inside a script element, not HTML, so the serialized output must also be escaped for that context. `JSON.stringify` alone leaves `</script>` untouched; replacing `<`, `>` and `&` in its output with their `\uXXXX` escapes keeps the JSON valid and guarantees the sequence can never appear in the emitted script. Acceptance criteria require sanitizing both content fields, adding corresponding unit tests, and verifying that no XSS payload can pass through; the verification should include a title containing `</script>` and confirm it cannot terminate the element. Failure to patch this exposes the platform to data theft, session hijacking, and reputational damage, so the security and frontend engineering teams should treat it as immediate work.
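The following TypeScript is an added example, not the project's code, to illustrate the "before" and "after" described above. It assumes a post object shaped like the WordPress REST API response (`title.rendered`, `excerpt.rendered`), constructs a sample post carrying a script-breakout payload, and uses a deliberately simple `stripTags` helper as a stand-in for the project's DOMPurify-based `sanitizeHTML`, which is not available here. The unsafe renderer mirrors the reported behaviour as described; the exact code on lines 147-177 is an assumption.

```typescript
// Added example (not the project's code): JSON-LD breakout and its fix.

type WpRendered = { rendered: string };
type WpPost = { title: WpRendered; excerpt: WpRendered; link: string };

// Stand-in for the project's DOMPurify-based sanitizeHTML: drop tags, then
// decode the handful of entities WordPress commonly emits in rendered fields.
// "&amp;" is decoded last so "&amp;lt;" is not double-decoded.
export function stripTags(html: string): string {
  return html
    .replace(/<[^>]*>/g, "")
    .replace(/&#8217;/g, "\u2019")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#039;/g, "'")
    .replace(/&amp;/g, "&")
    .replace(/\s+/g, " ")
    .trim();
}

// Serialize for embedding inside <script type="application/ld+json">.
// JSON.stringify leaves "</script>" intact, which ends the element early.
// Escaping "<", ">" and "&" as \uXXXX keeps the JSON valid and removes the
// breakout; U+2028/U+2029 are escaped because older JS engines treated
// them as line terminators inside script text.
export function jsonForScript(value: unknown): string {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildJsonLd(headline: string, description: string, url: string) {
  return {
    "@context": "https://schema.org",
    "@type": "NewsArticle",
    headline,
    description,
    mainEntityOfPage: url,
  };
}

// "Before": rendered fields go straight into the script body (assumed shape).
export function renderJsonLdUnsafe(post: WpPost): string {
  const data = buildJsonLd(post.title.rendered, post.excerpt.rendered, post.link);
  return `<script type="application/ld+json">${JSON.stringify(data)}</script>`;
}

// "After": tags stripped from the WordPress HTML, then output escaped for
// the script context. Both steps are needed: stripping alone re-introduces
// "<" when entities such as "&lt;" are decoded.
export function renderJsonLdSafe(post: WpPost): string {
  const data = buildJsonLd(
    stripTags(post.title.rendered),
    stripTags(post.excerpt.rendered),
    post.link,
  );
  return `<script type="application/ld+json">${jsonForScript(data)}</script>`;
}

// Constructed sample post: the title carries a script-breakout payload.
export const samplePost: WpPost = {
  title: {
    rendered:
      "Breaking &#8217;news&#8217; </script><script>alert(document.cookie)</script>",
  },
  excerpt: { rendered: "<p>Summary &amp; more</p>\n" },
  link: "https://example.invalid/berita/sample",
};

// How many times "</script>" occurs in the rendered HTML; a safe render has
// exactly one (the real closing tag).
export function countScriptClosers(html: string): number {
  return (html.match(/<\/script>/gi) ?? []).length;
}

// Pull the JSON back out of the script element and parse it, proving the
// escaped form is still valid JSON that crawlers can consume.
export function parseEmbeddedJsonLd(scriptHtml: string): Record<string, unknown> {
  const m = /^<script type="application\/ld\+json">([\s\S]*)<\/script>$/.exec(scriptHtml);
  if (!m) throw new Error("no JSON-LD script element found");
  return JSON.parse(m[1] ?? "") as Record<string, unknown>;
}
```

Run `renderJsonLdUnsafe(samplePost)` and `renderJsonLdSafe(samplePost)` side by side: the unsafe output contains three `</script>` sequences (two from the payload, one real), the safe output contains only the real one, and `parseEmbeddedJsonLd` on the safe output still yields the original headline and description text. The same `jsonForScript` escaping is what a `dangerouslySetInnerHTML`-style JSON-LD component should apply regardless of which sanitizer runs first.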