diff --git a/backend/composer.json b/backend/composer.json
index 409914d..261dbfa 100644
--- a/backend/composer.json
+++ b/backend/composer.json
@@ -28,6 +28,7 @@
         "symfony/dotenv": "^8.0",
         "symfony/flex": "^2",
         "symfony/framework-bundle": "^8.0",
+        "symfony/html-sanitizer": "8.0.*",
         "symfony/http-client": "8.0.*",
         "symfony/lock": "8.0.*",
         "symfony/mailer": "8.0.*",
diff --git a/backend/composer.lock b/backend/composer.lock
index fb21f74..57b067c 100644
--- a/backend/composer.lock
+++ b/backend/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "cf5f7c77977031afccfa7da74ed52205",
+    "content-hash": "92b9472c96a59c314d96372c4094f185",
     "packages": [
         {
             "name": "api-platform/core",
@@ -1785,6 +1785,188 @@
             ],
             "time": "2025-10-17T11:30:53+00:00"
         },
+        {
+            "name": "league/uri",
+            "version": "7.8.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/uri.git",
+                "reference": "08cf38e3924d4f56238125547b5720496fac8fd4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/08cf38e3924d4f56238125547b5720496fac8fd4",
+                "reference": "08cf38e3924d4f56238125547b5720496fac8fd4",
+                "shasum": ""
+            },
+            "require": {
+                "league/uri-interfaces": "^7.8.1",
+                "php": "^8.1",
+                "psr/http-factory": "^1"
+            },
+            "conflict": {
+                "league/uri-schemes": "^1.0"
+            },
+            "suggest": {
+                "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-dom": "to convert the URI into an HTML anchor tag",
+                "ext-fileinfo": "to create Data URI from file contennts",
+                "ext-gmp": "to improve IPV4 host parsing",
+                "ext-intl": "to handle IDN host with the best performance",
+                "ext-uri": "to use the PHP native URI class",
+                "jeremykendall/php-domain-parser": "to further parse the URI host and resolve its Public Suffix and Top Level Domain",
+                "league/uri-components": "to provide additional tools to manipulate URI objects components",
+                "league/uri-polyfill": "to backport the PHP URI extension for older versions of PHP",
+                "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
+                "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "7.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\Uri\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ignace Nyamagana Butera",
+                    "email": "nyamsprod@gmail.com",
+                    "homepage": "https://nyamsprod.com"
+                }
+            ],
+            "description": "URI manipulation library",
+            "homepage": "https://uri.thephpleague.com",
+            "keywords": [
+                "URN",
+                "data-uri",
+                "file-uri",
+                "ftp",
+                "hostname",
+                "http",
+                "https",
+                "middleware",
+                "parse_str",
+                "parse_url",
+                "psr-7",
+                "query-string",
+                "querystring",
+                "rfc2141",
+                "rfc3986",
+                "rfc3987",
+                "rfc6570",
+                "rfc8141",
+                "uri",
+                "uri-template",
+                "url",
+                "ws"
+            ],
+            "support": {
+                "docs": "https://uri.thephpleague.com",
+                "forum": "https://thephpleague.slack.com",
+                "issues": "https://github.com/thephpleague/uri-src/issues",
+                "source": "https://github.com/thephpleague/uri/tree/7.8.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/sponsors/nyamsprod",
+                    "type": "github"
+                }
+            ],
+            "time": "2026-03-15T20:22:25+00:00"
+        },
+        {
+            "name": "league/uri-interfaces",
+            "version": "7.8.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/uri-interfaces.git",
+                "reference": "85d5c77c5d6d3af6c54db4a78246364908f3c928"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/85d5c77c5d6d3af6c54db4a78246364908f3c928",
+                "reference": "85d5c77c5d6d3af6c54db4a78246364908f3c928",
+                "shasum": ""
+            },
+            "require": {
+                "ext-filter": "*",
+                "php": "^8.1",
+                "psr/http-message": "^1.1 || ^2.0"
+            },
+            "suggest": {
+                "ext-bcmath": "to improve IPV4 host parsing",
+                "ext-gmp": "to improve IPV4 host parsing",
+                "ext-intl": "to handle IDN host with the best performance",
+                "php-64bit": "to improve IPV4 host parsing",
+                "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification",
+                "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "7.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\Uri\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ignace Nyamagana Butera",
+                    "email": "nyamsprod@gmail.com",
+                    "homepage": "https://nyamsprod.com"
+                }
+            ],
+            "description": "Common tools for parsing and resolving RFC3987/RFC3986 URI",
+            "homepage": "https://uri.thephpleague.com",
+            "keywords": [
+                "data-uri",
+                "file-uri",
+                "ftp",
+                "hostname",
+                "http",
+                "https",
+                "parse_str",
+                "parse_url",
+                "psr-7",
+                "query-string",
+                "querystring",
+                "rfc3986",
+                "rfc3987",
+                "rfc6570",
+                "uri",
+                "url",
+                "ws"
+            ],
+            "support": {
+                "docs": "https://uri.thephpleague.com",
+                "forum": "https://thephpleague.slack.com",
+                "issues": "https://github.com/thephpleague/uri-src/issues",
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/sponsors/nyamsprod",
+                    "type": "github"
+                }
+            ],
+            "time": "2026-03-08T20:05:35+00:00"
+        },
         {
             "name": "lexik/jwt-authentication-bundle",
             "version": "v3.2.0",
@@ -4841,6 +5023,78 @@
             ],
             "time": "2026-01-27T09:06:10+00:00"
         },
+        {
+            "name": "symfony/html-sanitizer",
+            "version": "v8.0.7",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/html-sanitizer.git",
+                "reference": "555b37caeee3d07af33471e02377d5ff561f8ac2"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/html-sanitizer/zipball/555b37caeee3d07af33471e02377d5ff561f8ac2",
+                "reference": "555b37caeee3d07af33471e02377d5ff561f8ac2",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "league/uri": "^6.5|^7.0",
+                "php": ">=8.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Component\\HtmlSanitizer\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Titouan Galopin",
+                    "email": "galopintitouan@gmail.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM.",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "Purifier",
+                "html",
+                "sanitizer"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/html-sanitizer/tree/v8.0.7"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2026-03-06T13:17:40+00:00"
+        },
         {
             "name": "symfony/http-client",
             "version": "v8.0.5",
diff --git a/backend/config/packages/html_sanitizer.yaml b/backend/config/packages/html_sanitizer.yaml
new file mode 100644
index 0000000..7b1efb3
--- /dev/null
+++ b/backend/config/packages/html_sanitizer.yaml
@@ -0,0 +1,13 @@
+framework:
+    html_sanitizer:
+        sanitizers:
+            homework_sanitizer:
+                allow_elements:
+                    p: []
+                    br: []
+                    strong: []
+                    em: []
+                    ul: []
+                    ol: []
+                    li: []
+                    a: ['href', 'target', 'rel']
diff --git a/backend/config/services.yaml b/backend/config/services.yaml
index 5a6c87b..b316339 100644
--- a/backend/config/services.yaml
+++ b/backend/config/services.yaml
@@ -222,6 +222,13 @@ services:
     App\Scolarite\Domain\Service\HomeworkDuplicator:
         autowire: true
 
+    App\Scolarite\Application\Port\HtmlSanitizer:
+        alias: App\Scolarite\Infrastructure\Service\HomeworkHtmlSanitizer
+
+    App\Scolarite\Infrastructure\Service\HomeworkHtmlSanitizer:
+        arguments:
+            $homeworkSanitizer: '@html_sanitizer.sanitizer.homework_sanitizer'
+
     App\Scolarite\Application\Port\FileStorage:
         alias: App\Scolarite\Infrastructure\Storage\LocalFileStorage
 
diff --git a/backend/src/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandler.php b/backend/src/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandler.php
index ae9d29c..11875bf 100644
--- a/backend/src/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandler.php
+++ b/backend/src/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandler.php
@@ -10,6 +10,7 @@ use App\Administration\Domain\Model\User\UserId;
 use App\Scolarite\Application\Port\CurrentCalendarProvider;
 use App\Scolarite\Application\Port\EnseignantAffectationChecker;
 use App\Scolarite\Application\Port\HomeworkRulesChecker;
+use App\Scolarite\Application\Port\HtmlSanitizer;
 use App\Scolarite\Domain\Exception\EnseignantNonAffecteException;
 use App\Scolarite\Domain\Exception\ReglesDevoirsNonRespecteesException;
 use App\Scolarite\Domain\Model\Homework\Homework;
@@ -29,6 +30,7 @@ final readonly class CreateHomeworkHandler
         private CurrentCalendarProvider $calendarProvider,
         private DueDateValidator $dueDateValidator,
         private HomeworkRulesChecker $rulesChecker,
+        private HtmlSanitizer $htmlSanitizer,
         private Clock $clock,
     ) {
     }
@@ -63,13 +65,17 @@ final readonly class CreateHomeworkHandler
             throw new ReglesDevoirsNonRespecteesException($rulesResult->toArray());
         }
 
+        $description = $command->description !== null
+            ? $this->htmlSanitizer->sanitize($command->description)
+            : null;
+
         $homework = Homework::creer(
             tenantId: $tenantId,
             classId: $classId,
             subjectId: $subjectId,
             teacherId: $teacherId,
             title: $command->title,
-            description: $command->description,
+            description: $description,
             dueDate: $dueDate,
             now: $now,
         );
diff --git a/backend/src/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandler.php b/backend/src/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandler.php
index 02bb5e2..3f9ab7e 100644
--- a/backend/src/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandler.php
+++ b/backend/src/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandler.php
@@ -6,6 +6,7 @@ namespace App\Scolarite\Application\Command\UpdateHomework;
 
 use App\Administration\Domain\Model\User\UserId;
 use App\Scolarite\Application\Port\CurrentCalendarProvider;
+use App\Scolarite\Application\Port\HtmlSanitizer;
 use App\Scolarite\Domain\Exception\NonProprietaireDuDevoirException;
 use App\Scolarite\Domain\Model\Homework\Homework;
 use App\Scolarite\Domain\Model\Homework\HomeworkId;
@@ -23,6 +24,7 @@ final readonly class UpdateHomeworkHandler
         private HomeworkRepository $homeworkRepository,
         private CurrentCalendarProvider $calendarProvider,
         private DueDateValidator $dueDateValidator,
+        private HtmlSanitizer $htmlSanitizer,
         private Clock $clock,
     ) {
     }
@@ -44,9 +46,13 @@ final readonly class UpdateHomeworkHandler
         $dueDate = new DateTimeImmutable($command->dueDate);
         $this->dueDateValidator->valider($dueDate, $now, $calendar);
 
+        $description = $command->description !== null
+            ? $this->htmlSanitizer->sanitize($command->description)
+            : null;
+
         $homework->modifier(
             title: $command->title,
-            description: $command->description,
+            description: $description,
             dueDate: $dueDate,
             now: $now,
         );
diff --git a/backend/src/Scolarite/Application/Command/UploadHomeworkAttachment/UploadHomeworkAttachmentHandler.php b/backend/src/Scolarite/Application/Command/UploadHomeworkAttachment/UploadHomeworkAttachmentHandler.php
index ba0b3a9..8548185 100644
--- a/backend/src/Scolarite/Application/Command/UploadHomeworkAttachment/UploadHomeworkAttachmentHandler.php
+++ b/backend/src/Scolarite/Application/Command/UploadHomeworkAttachment/UploadHomeworkAttachmentHandler.php
@@ -37,7 +37,7 @@ final readonly class UploadHomeworkAttachmentHandler
         $this->homeworkRepository->get($homeworkId, $tenantId);
 
         $attachmentId = HomeworkAttachmentId::generate();
-        $storagePath = sprintf('homework/%s/%s/%s', $command->tenantId, $command->homeworkId, $command->filename);
+        $storagePath = sprintf('homework/%s/%s/%s/%s', $command->tenantId, $command->homeworkId, (string) $attachmentId, $command->filename);
 
         $content = file_get_contents($command->tempFilePath);
 
diff --git a/backend/src/Scolarite/Application/Port/HtmlSanitizer.php b/backend/src/Scolarite/Application/Port/HtmlSanitizer.php
new file mode 100644
index 0000000..cdf6ad2
--- /dev/null
+++ b/backend/src/Scolarite/Application/Port/HtmlSanitizer.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Scolarite\Application\Port;
+
+interface HtmlSanitizer
+{
+    public function sanitize(string $html): string;
+}
diff --git a/backend/src/Scolarite/Domain/Repository/HomeworkAttachmentRepository.php b/backend/src/Scolarite/Domain/Repository/HomeworkAttachmentRepository.php
index db91e91..ed67d85 100644
--- a/backend/src/Scolarite/Domain/Repository/HomeworkAttachmentRepository.php
+++ b/backend/src/Scolarite/Domain/Repository/HomeworkAttachmentRepository.php
@@ -18,4 +18,6 @@ interface HomeworkAttachmentRepository
     public function hasAttachments(HomeworkId ...$homeworkIds): array;
 
     public function save(HomeworkId $homeworkId, HomeworkAttachment $attachment): void;
+
+    public function delete(HomeworkId $homeworkId, HomeworkAttachment $attachment): void;
 }
diff --git a/backend/src/Scolarite/Infrastructure/Api/Controller/HomeworkAttachmentController.php b/backend/src/Scolarite/Infrastructure/Api/Controller/HomeworkAttachmentController.php
new file mode 100644
index 0000000..f77219e
--- /dev/null
+++ b/backend/src/Scolarite/Infrastructure/Api/Controller/HomeworkAttachmentController.php
@@ -0,0 +1,207 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Scolarite\Infrastructure\Api\Controller;
+
+use App\Administration\Infrastructure\Security\SecurityUser;
+use App\Scolarite\Application\Command\UploadHomeworkAttachment\UploadHomeworkAttachmentCommand;
+use App\Scolarite\Application\Command\UploadHomeworkAttachment\UploadHomeworkAttachmentHandler;
+use App\Scolarite\Application\Port\FileStorage;
+use App\Scolarite\Domain\Exception\PieceJointeInvalideException;
+use App\Scolarite\Domain\Model\Homework\HomeworkAttachment;
+use App\Scolarite\Domain\Model\Homework\HomeworkId;
+use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
+use App\Scolarite\Domain\Repository\HomeworkRepository;
+use App\Shared\Domain\Tenant\TenantId;
+
+use function array_map;
+use function realpath;
+use function str_starts_with;
+
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\ResponseHeaderBag;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\Routing\Attribute\Route;
+
+final readonly class HomeworkAttachmentController
+{
+    public function __construct(
+        private Security $security,
+        private HomeworkRepository $homeworkRepository,
+        private HomeworkAttachmentRepository $attachmentRepository,
+        private UploadHomeworkAttachmentHandler $uploadHandler,
+        private FileStorage $fileStorage,
+        #[Autowire('%kernel.project_dir%/var/storage')]
+        private string $storageDir,
+    ) {
+    }
+
+    #[Route('/api/homework/{id}/attachments', name: 'api_homework_attachment_list', methods: ['GET'])]
+    public function list(string $id): JsonResponse
+    {
+        $user = $this->getSecurityUser();
+        $tenantId = TenantId::fromString($user->tenantId());
+
+        $homework = $this->homeworkRepository->findById(HomeworkId::fromString($id), $tenantId);
+
+        if ($homework === null) {
+            throw new NotFoundHttpException('Devoir non trouvé.');
+        }
+
+        if ((string) $homework->teacherId !== $user->userId()) {
+            throw new AccessDeniedHttpException('Accès non autorisé.');
+        }
+
+        $attachments = $this->attachmentRepository->findByHomeworkId($homework->id);
+
+        return new JsonResponse(array_map(
+            static fn (HomeworkAttachment $a): array => [
+                'id' => (string) $a->id,
+                'filename' => $a->filename,
+                'fileSize' => $a->fileSize,
+                'mimeType' => $a->mimeType,
+            ],
+            $attachments,
+        ));
+    }
+
+    #[Route('/api/homework/{id}/attachments', name: 'api_homework_attachment_upload', methods: ['POST'])]
+    public function upload(string $id, Request $request): JsonResponse
+    {
+        $user = $this->getSecurityUser();
+        $tenantId = TenantId::fromString($user->tenantId());
+
+        $homework = $this->homeworkRepository->findById(HomeworkId::fromString($id), $tenantId);
+
+        if ($homework === null) {
+            throw new NotFoundHttpException('Devoir non trouvé.');
+        }
+
+        if ((string) $homework->teacherId !== $user->userId()) {
+            throw new AccessDeniedHttpException('Seul le propriétaire peut ajouter des pièces jointes.');
+        }
+
+        $file = $request->files->get('file');
+
+        if ($file === null) {
+            throw new BadRequestHttpException('Aucun fichier envoyé.');
+        }
+
+        /** @var \Symfony\Component\HttpFoundation\File\UploadedFile $file */
+        $originalName = $file->getClientOriginalName();
+        $mimeType = $file->getMimeType() ?? $file->getClientMimeType() ?? '';
+        $fileSize = $file->getSize();
+
+        try {
+            $attachment = ($this->uploadHandler)(new UploadHomeworkAttachmentCommand(
+                tenantId: $user->tenantId(),
+                homeworkId: $id,
+                filename: $originalName,
+                mimeType: $mimeType,
+                fileSize: (int) $fileSize,
+                tempFilePath: $file->getPathname(),
+            ));
+
+            $this->attachmentRepository->save($homework->id, $attachment);
+        } catch (PieceJointeInvalideException $e) {
+            throw new BadRequestHttpException($e->getMessage());
+        }
+
+        return new JsonResponse([
+            'id' => (string) $attachment->id,
+            'filename' => $attachment->filename,
+            'fileSize' => $attachment->fileSize,
+            'mimeType' => $attachment->mimeType,
+        ], Response::HTTP_CREATED);
+    }
+
+    #[Route('/api/homework/{id}/attachments/{attachmentId}', name: 'api_homework_attachment_download', methods: ['GET'])]
+    public function download(string $id, string $attachmentId): BinaryFileResponse
+    {
+        $user = $this->getSecurityUser();
+        $tenantId = TenantId::fromString($user->tenantId());
+
+        $homework = $this->homeworkRepository->findById(HomeworkId::fromString($id), $tenantId);
+
+        if ($homework === null) {
+            throw new NotFoundHttpException('Devoir non trouvé.');
+        }
+
+        if ((string) $homework->teacherId !== $user->userId()) {
+            throw new AccessDeniedHttpException('Accès non autorisé.');
+        }
+
+        $attachments = $this->attachmentRepository->findByHomeworkId($homework->id);
+
+        foreach ($attachments as $attachment) {
+            if ((string) $attachment->id === $attachmentId) {
+                $fullPath = $this->storageDir . '/' . $attachment->filePath;
+                $realPath = realpath($fullPath);
+                $realStorageDir = realpath($this->storageDir);
+
+                if ($realPath === false || $realStorageDir === false || !str_starts_with($realPath, $realStorageDir)) {
+                    throw new NotFoundHttpException('Pièce jointe non trouvée.');
+                }
+
+                $response = new BinaryFileResponse($realPath);
+                $response->setContentDisposition(
+                    ResponseHeaderBag::DISPOSITION_INLINE,
+                    $attachment->filename,
+                );
+
+                return $response;
+            }
+        }
+
+        throw new NotFoundHttpException('Pièce jointe non trouvée.');
+    }
+
+    #[Route('/api/homework/{id}/attachments/{attachmentId}', name: 'api_homework_attachment_delete', methods: ['DELETE'])]
+    public function delete(string $id, string $attachmentId): Response
+    {
+        $user = $this->getSecurityUser();
+        $tenantId = TenantId::fromString($user->tenantId());
+
+        $homework = $this->homeworkRepository->findById(HomeworkId::fromString($id), $tenantId);
+
+        if ($homework === null) {
+            throw new NotFoundHttpException('Devoir non trouvé.');
+        }
+
+        if ((string) $homework->teacherId !== $user->userId()) {
+            throw new AccessDeniedHttpException('Seul le propriétaire peut supprimer des pièces jointes.');
+        }
+
+        $attachments = $this->attachmentRepository->findByHomeworkId($homework->id);
+
+        foreach ($attachments as $attachment) {
+            if ((string) $attachment->id === $attachmentId) {
+                $this->fileStorage->delete($attachment->filePath);
+                $this->attachmentRepository->delete($homework->id, $attachment);
+
+                return new Response(status: Response::HTTP_NO_CONTENT);
+            }
+        }
+
+        throw new NotFoundHttpException('Pièce jointe non trouvée.');
+    }
+
+    private function getSecurityUser(): SecurityUser
+    {
+        $user = $this->security->getUser();
+
+        if (!$user instanceof SecurityUser) {
+            throw new AccessDeniedHttpException('Authentification requise.');
+        }
+
+        return $user;
+    }
+}
diff --git a/backend/src/Scolarite/Infrastructure/Api/Controller/ParentHomeworkController.php b/backend/src/Scolarite/Infrastructure/Api/Controller/ParentHomeworkController.php
index 0226288..c00bce2 100644
--- a/backend/src/Scolarite/Infrastructure/Api/Controller/ParentHomeworkController.php
+++ b/backend/src/Scolarite/Infrastructure/Api/Controller/ParentHomeworkController.php
@@ -45,7 +45,7 @@ final readonly class ParentHomeworkController
         private GetChildrenHomeworkDetailHandler $detailHandler,
         private HomeworkRepository $homeworkRepository,
         private HomeworkAttachmentRepository $attachmentRepository,
-        #[Autowire('%kernel.project_dir%/var/uploads')]
+        #[Autowire('%kernel.project_dir%/var/storage')]
         private string $uploadsDir,
     ) {
     }
@@ -138,7 +138,8 @@ final readonly class ParentHomeworkController
 
         foreach ($attachments as $attachment) {
             if ((string) $attachment->id === $attachmentId) {
-                $realPath = realpath($attachment->filePath);
+                $fullPath = $this->uploadsDir . '/' . $attachment->filePath;
+                $realPath = realpath($fullPath);
                 $realUploadsDir = realpath($this->uploadsDir);
 
                 if ($realPath === false || $realUploadsDir === false || !str_starts_with($realPath, $realUploadsDir)) {
diff --git a/backend/src/Scolarite/Infrastructure/Api/Controller/StudentHomeworkController.php b/backend/src/Scolarite/Infrastructure/Api/Controller/StudentHomeworkController.php
index 2bbd470..8ccc3ac 100644
--- a/backend/src/Scolarite/Infrastructure/Api/Controller/StudentHomeworkController.php
+++ b/backend/src/Scolarite/Infrastructure/Api/Controller/StudentHomeworkController.php
@@ -44,7 +44,7 @@ final readonly class StudentHomeworkController
         private HomeworkAttachmentRepository $attachmentRepository,
         private ScheduleDisplayReader $displayReader,
         private StudentClassReader $studentClassReader,
-        #[Autowire('%kernel.project_dir%/var/uploads')]
+        #[Autowire('%kernel.project_dir%/var/storage')]
         private string $uploadsDir,
     ) {
     }
@@ -115,7 +115,8 @@ final readonly class StudentHomeworkController
 
         foreach ($attachments as $attachment) {
             if ((string) $attachment->id === $attachmentId) {
-                $realPath = realpath($attachment->filePath);
+                $fullPath = $this->uploadsDir . '/' . $attachment->filePath;
+                $realPath = realpath($fullPath);
                 $realUploadsDir = realpath($this->uploadsDir);
 
                 if ($realPath === false || $realUploadsDir === false || !str_starts_with($realPath, $realUploadsDir)) {
diff --git a/backend/src/Scolarite/Infrastructure/Persistence/Doctrine/DoctrineHomeworkAttachmentRepository.php b/backend/src/Scolarite/Infrastructure/Persistence/Doctrine/DoctrineHomeworkAttachmentRepository.php
index a552c71..fbee12d 100644
--- a/backend/src/Scolarite/Infrastructure/Persistence/Doctrine/DoctrineHomeworkAttachmentRepository.php
+++ b/backend/src/Scolarite/Infrastructure/Persistence/Doctrine/DoctrineHomeworkAttachmentRepository.php
@@ -80,6 +80,18 @@ final readonly class DoctrineHomeworkAttachmentRepository implements HomeworkAtt
         );
     }
 
+    #[Override]
+    public function delete(HomeworkId $homeworkId, HomeworkAttachment $attachment): void
+    {
+        $this->connection->executeStatement(
+            'DELETE FROM homework_attachments WHERE id = :id AND homework_id = :homework_id',
+            [
+                'id' => (string) $attachment->id,
+                'homework_id' => (string) $homeworkId,
+            ],
+        );
+    }
+
     /** @param array<string, mixed> $row */
     private function hydrate(array $row): HomeworkAttachment
     {
diff --git a/backend/src/Scolarite/Infrastructure/Persistence/InMemory/InMemoryHomeworkAttachmentRepository.php b/backend/src/Scolarite/Infrastructure/Persistence/InMemory/InMemoryHomeworkAttachmentRepository.php
index 00f7aea..b5bd9ea 100644
--- a/backend/src/Scolarite/Infrastructure/Persistence/InMemory/InMemoryHomeworkAttachmentRepository.php
+++ b/backend/src/Scolarite/Infrastructure/Persistence/InMemory/InMemoryHomeworkAttachmentRepository.php
@@ -9,7 +9,9 @@ use App\Scolarite\Domain\Model\Homework\HomeworkId;
 use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
 
 use function array_fill_keys;
+use function array_filter;
 use function array_map;
+use function array_values;
 
 use Override;
 
@@ -42,4 +44,19 @@ final class InMemoryHomeworkAttachmentRepository implements HomeworkAttachmentRe
     {
         $this->byHomeworkId[(string) $homeworkId][] = $attachment;
     }
+
+    #[Override]
+    public function delete(HomeworkId $homeworkId, HomeworkAttachment $attachment): void
+    {
+        $key = (string) $homeworkId;
+
+        if (!isset($this->byHomeworkId[$key])) {
+            return;
+        }
+
+        $this->byHomeworkId[$key] = array_values(array_filter(
+            $this->byHomeworkId[$key],
+            static fn (HomeworkAttachment $a): bool => (string) $a->id !== (string) $attachment->id,
+        ));
+    }
 }
diff --git a/backend/src/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizer.php b/backend/src/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizer.php
new file mode 100644
index 0000000..eb3a5b8
--- /dev/null
+++ b/backend/src/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizer.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Scolarite\Infrastructure\Service;
+
+use App\Scolarite\Application\Port\HtmlSanitizer;
+use Override;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
+
+final readonly class HomeworkHtmlSanitizer implements HtmlSanitizer
+{
+    public function __construct(
+        private HtmlSanitizerInterface $homeworkSanitizer,
+    ) {
+    }
+
+    #[Override]
+    public function sanitize(string $html): string
+    {
+        return $this->homeworkSanitizer->sanitize($html);
+    }
+}
diff --git a/backend/tests/Unit/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandlerTest.php b/backend/tests/Unit/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandlerTest.php
index 98b6e63..8c7ae33 100644
--- a/backend/tests/Unit/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandlerTest.php
+++ b/backend/tests/Unit/Scolarite/Application/Command/CreateHomework/CreateHomeworkHandlerTest.php
@@ -15,6 +15,7 @@ use App\Scolarite\Application\Port\CurrentCalendarProvider;
 use App\Scolarite\Application\Port\EnseignantAffectationChecker;
 use App\Scolarite\Application\Port\HomeworkRulesChecker;
 use App\Scolarite\Application\Port\HomeworkRulesCheckResult;
+use App\Scolarite\Application\Port\HtmlSanitizer;
 use App\Scolarite\Application\Port\RuleWarning;
 use App\Scolarite\Domain\Exception\DateEcheanceInvalideException;
 use App\Scolarite\Domain\Exception\EnseignantNonAffecteException;
@@ -110,6 +111,46 @@ final class CreateHomeworkHandlerTest extends TestCase
         self::assertNull($homework->description);
     }
 
+    #[Test]
+    public function itSanitizesHtmlDescription(): void
+    {
+        $sanitizer = new class implements HtmlSanitizer {
+            public function sanitize(string $html): string
+            {
+                return strip_tags($html, '<p><strong><em><ul><ol><li><a>');
+            }
+        };
+
+        $handler = $this->createHandlerWithSanitizer(affecte: true, htmlSanitizer: $sanitizer);
+        $command = $this->createCommand(description: '<p>Texte <strong>gras</strong></p><script>alert("xss")</script>');
+
+        $homework = $handler($command);
+
+        self::assertSame('<p>Texte <strong>gras</strong></p>alert("xss")', $homework->description);
+    }
+
+    #[Test]
+    public function itDoesNotSanitizeNullDescription(): void
+    {
+        $sanitizer = new class implements HtmlSanitizer {
+            public bool $called = false;
+
+            public function sanitize(string $html): string
+            {
+                $this->called = true;
+
+                return $html;
+            }
+        };
+
+        $handler = $this->createHandlerWithSanitizer(affecte: true, htmlSanitizer: $sanitizer);
+        $command = $this->createCommand(description: null);
+
+        $handler($command);
+
+        self::assertFalse($sanitizer->called);
+    }
+
     #[Test]
     public function itThrowsWhenSoftRulesViolatedAndNotAcknowledged(): void
     {
@@ -269,12 +310,67 @@ final class CreateHomeworkHandlerTest extends TestCase
             }
         };
 
+        $htmlSanitizer = new class implements HtmlSanitizer {
+            public function sanitize(string $html): string
+            {
+                return $html;
+            }
+        };
+
         return new CreateHomeworkHandler(
             $this->homeworkRepository,
             $affectationChecker,
             $calendarProvider,
             new DueDateValidator(),
             $rulesChecker,
+            $htmlSanitizer,
+            $this->clock,
+        );
+    }
+
+    private function createHandlerWithSanitizer(bool $affecte, HtmlSanitizer $htmlSanitizer, ?HomeworkRulesCheckResult $rulesResult = null): CreateHomeworkHandler
+    {
+        $affectationChecker = new class($affecte) implements EnseignantAffectationChecker {
+            public function __construct(private readonly bool $affecte)
+            {
+            }
+
+            public function estAffecte(UserId $teacherId, ClassId $classId, SubjectId $subjectId, TenantId $tenantId): bool
+            {
+                return $this->affecte;
+            }
+        };
+
+        $calendarProvider = new class implements CurrentCalendarProvider {
+            public function forCurrentYear(TenantId $tenantId): SchoolCalendar
+            {
+                return SchoolCalendar::reconstitute(
+                    tenantId: $tenantId,
+                    academicYearId: AcademicYearId::fromString('550e8400-e29b-41d4-a716-446655440002'),
+                    zone: null,
+                    entries: [],
+                );
+            }
+        };
+
+        $rulesChecker = new class($rulesResult ?? HomeworkRulesCheckResult::ok()) implements HomeworkRulesChecker {
+            public function __construct(private readonly HomeworkRulesCheckResult $result)
+            {
+            }
+
+            public function verifier(TenantId $tenantId, DateTimeImmutable $dueDate, DateTimeImmutable $creationDate): HomeworkRulesCheckResult
+            {
+                return $this->result;
+            }
+        };
+
+        return new CreateHomeworkHandler(
+            $this->homeworkRepository,
+            $affectationChecker,
+            $calendarProvider,
+            new DueDateValidator(),
+            $rulesChecker,
+            $htmlSanitizer,
             $this->clock,
         );
     }
diff --git a/backend/tests/Unit/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandlerTest.php b/backend/tests/Unit/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandlerTest.php
index 88f93c2..fb43bed 100644
--- a/backend/tests/Unit/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandlerTest.php
+++ b/backend/tests/Unit/Scolarite/Application/Command/UpdateHomework/UpdateHomeworkHandlerTest.php
@@ -12,6 +12,7 @@ use App\Administration\Domain\Model\User\UserId;
 use App\Scolarite\Application\Command\UpdateHomework\UpdateHomeworkCommand;
 use App\Scolarite\Application\Command\UpdateHomework\UpdateHomeworkHandler;
 use App\Scolarite\Application\Port\CurrentCalendarProvider;
+use App\Scolarite\Application\Port\HtmlSanitizer;
 use App\Scolarite\Domain\Exception\DateEcheanceInvalideException;
 use App\Scolarite\Domain\Exception\DevoirDejaSupprimeException;
 use App\Scolarite\Domain\Exception\HomeworkNotFoundException;
@@ -172,6 +173,60 @@ final class UpdateHomeworkHandlerTest extends TestCase
         self::assertSame('Exercices sans description', $homework->title);
     }
 
+    #[Test]
+    public function itSanitizesHtmlDescription(): void
+    {
+        $sanitizer = new class implements HtmlSanitizer {
+            public function sanitize(string $html): string
+            {
+                return strip_tags($html, '<p><strong><em><ul><ol><li><a>');
+            }
+        };
+
+        $handler = $this->createHandlerWithSanitizer($sanitizer);
+        $command = new UpdateHomeworkCommand(
+            tenantId: self::TENANT_ID,
+            homeworkId: (string) $this->existingHomeworkId,
+            teacherId: '550e8400-e29b-41d4-a716-446655440010',
+            title: 'Test sanitize',
+            description: '<p>Texte</p><script>alert("xss")</script>',
+            dueDate: '2026-04-20',
+        );
+
+        $homework = $handler($command);
+
+        self::assertSame('<p>Texte</p>alert("xss")', $homework->description);
+    }
+
+    #[Test]
+    public function itDoesNotSanitizeNullDescription(): void
+    {
+        $sanitizer = new class implements HtmlSanitizer {
+            public bool $called = false;
+
+            public function sanitize(string $html): string
+            {
+                $this->called = true;
+
+                return $html;
+            }
+        };
+
+        $handler = $this->createHandlerWithSanitizer($sanitizer);
+        $command = new UpdateHomeworkCommand(
+            tenantId: self::TENANT_ID,
+            homeworkId: (string) $this->existingHomeworkId,
+            teacherId: '550e8400-e29b-41d4-a716-446655440010',
+            title: 'Test null desc',
+            description: null,
+            dueDate: '2026-04-20',
+        );
+
+        $handler($command);
+
+        self::assertFalse($sanitizer->called);
+    }
+
     #[Test]
     public function itThrowsWhenNotOwner(): void
     {
@@ -206,7 +261,7 @@ final class UpdateHomeworkHandlerTest extends TestCase
         $this->homeworkRepository->save($homework);
     }
 
-    private function createHandler(): UpdateHomeworkHandler
+    private function createHandlerWithSanitizer(HtmlSanitizer $htmlSanitizer): UpdateHomeworkHandler
     {
         $calendarProvider = new class implements CurrentCalendarProvider {
             public function forCurrentYear(TenantId $tenantId): SchoolCalendar
@@ -224,6 +279,37 @@ final class UpdateHomeworkHandlerTest extends TestCase
             $this->homeworkRepository,
             $calendarProvider,
             new DueDateValidator(),
+            $htmlSanitizer,
+            $this->clock,
+        );
+    }
+
+    private function createHandler(): UpdateHomeworkHandler
+    {
+        $calendarProvider = new class implements CurrentCalendarProvider {
+            public function forCurrentYear(TenantId $tenantId): SchoolCalendar
+            {
+                return SchoolCalendar::reconstitute(
+                    tenantId: $tenantId,
+                    academicYearId: AcademicYearId::fromString('550e8400-e29b-41d4-a716-446655440002'),
+                    zone: null,
+                    entries: [],
+                );
+            }
+        };
+
+        $htmlSanitizer = new class implements HtmlSanitizer {
+            public function sanitize(string $html): string
+            {
+                return $html;
+            }
+        };
+
+        return new UpdateHomeworkHandler(
+            $this->homeworkRepository,
+            $calendarProvider,
+            new DueDateValidator(),
+            $htmlSanitizer,
             $this->clock,
         );
     }
diff --git a/backend/tests/Unit/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizerTest.php b/backend/tests/Unit/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizerTest.php
new file mode 100644
index 0000000..5223887
--- /dev/null
+++ b/backend/tests/Unit/Scolarite/Infrastructure/Service/HomeworkHtmlSanitizerTest.php
@@ -0,0 +1,158 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Unit\Scolarite\Infrastructure\Service;
+
+use App\Scolarite\Infrastructure\Service\HomeworkHtmlSanitizer;
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
+
+final class HomeworkHtmlSanitizerTest extends TestCase
+{
+    private HomeworkHtmlSanitizer $sanitizer;
+
+    protected function setUp(): void
+    {
+        $config = (new HtmlSanitizerConfig())
+            ->allowElement('p')
+            ->allowElement('br')
+            ->allowElement('strong')
+            ->allowElement('em')
+            ->allowElement('ul')
+            ->allowElement('ol')
+            ->allowElement('li')
+            ->allowElement('a', ['href', 'target', 'rel']);
+
+        $this->sanitizer = new HomeworkHtmlSanitizer(new HtmlSanitizer($config));
+    }
+
+    #[Test]
+    public function itAllowsBoldText(): void
+    {
+        $html = '<p>Texte <strong>en gras</strong></p>';
+
+        self::assertSame($html, $this->sanitizer->sanitize($html));
+    }
+
+    #[Test]
+    public function itAllowsItalicText(): void
+    {
+        $html = '<p>Texte <em>en italique</em></p>';
+
+        self::assertSame($html, $this->sanitizer->sanitize($html));
+    }
+
+    #[Test]
+    public function itAllowsUnorderedLists(): void
+    {
+        $html = '<ul><li>Élément 1</li><li>Élément 2</li></ul>';
+
+        self::assertSame($html, $this->sanitizer->sanitize($html));
+    }
+
+    #[Test]
+    public function itAllowsOrderedLists(): void
+    {
+        $html = '<ol><li>Premier</li><li>Deuxième</li></ol>';
+
+        self::assertSame($html, $this->sanitizer->sanitize($html));
+    }
+
+    #[Test]
+    public function itAllowsLinksWithSafeAttributes(): void
+    {
+        $html = '<p><a href="https://example.com" target="_blank" rel="noopener noreferrer">Lien</a></p>';
+
+        self::assertSame($html, $this->sanitizer->sanitize($html));
+    }
+
+    #[Test]
+    public function itStripsScriptTags(): void
+    {
+        $result = $this->sanitizer->sanitize('<p>Texte</p><script>alert("xss")</script>');
+
+        self::assertStringNotContainsString('<script>', $result);
+        self::assertStringNotContainsString('alert', $result);
+    }
+
+    #[Test]
+    public function itStripsEventHandlers(): void
+    {
+        $result = $this->sanitizer->sanitize('<p onclick="alert(1)">Texte</p>');
+
+        self::assertStringNotContainsString('onclick', $result);
+        self::assertStringContainsString('Texte', $result);
+    }
+
+    #[Test]
+    public function itStripsStyleTags(): void
+    {
+        $result = $this->sanitizer->sanitize('<style>body{display:none}</style><p>Texte</p>');
+
+        self::assertStringNotContainsString('<style>', $result);
+        self::assertStringContainsString('Texte', $result);
+    }
+
+    #[Test]
+    public function itStripsIframeTags(): void
+    {
+        $result = $this->sanitizer->sanitize('<p>Texte</p><iframe src="evil.com"></iframe>');
+
+        self::assertStringNotContainsString('<iframe>', $result);
+    }
+
+    #[Test]
+    public function itStripsImgTags(): void
+    {
+        $result = $this->sanitizer->sanitize('<p>Texte</p><img src="x" onerror="alert(1)">');
+
+        self::assertStringNotContainsString('<img', $result);
+        self::assertStringNotContainsString('onerror', $result);
+    }
+
+    #[Test]
+    public function itHandlesEmptyString(): void
+    {
+        self::assertSame('', $this->sanitizer->sanitize(''));
+    }
+
+    #[Test]
+    public function itHandlesPlainText(): void
+    {
+        $result = $this->sanitizer->sanitize('Texte simple sans HTML');
+
+        self::assertSame('Texte simple sans HTML', $result);
+    }
+
+    #[Test]
+    public function itStripsJavascriptLinks(): void
+    {
+        $result = $this->sanitizer->sanitize('<a href="javascript:alert(1)">Clic</a>');
+
+        self::assertStringNotContainsString('javascript:', $result);
+    }
+
+    #[Test]
+    #[DataProvider('richContentProvider')]
+    public function itPreservesRichContent(string $input, string $expectedSubstring): void
+    {
+        $result = $this->sanitizer->sanitize($input);
+
+        self::assertStringContainsString($expectedSubstring, $result);
+    }
+
+    /** @return iterable<string, array{string, string}> */
+    public static function richContentProvider(): iterable
+    {
+        yield 'gras' => ['<strong>gras</strong>', '<strong>gras</strong>'];
+        yield 'italique' => ['<em>italique</em>', '<em>italique</em>'];
+        yield 'liste à puces' => ['<ul><li>item</li></ul>', '<li>item</li>'];
+        yield 'liste numérotée' => ['<ol><li>item</li></ol>', '<ol>'];
+        yield 'paragraphe' => ['<p>texte</p>', '<p>texte</p>'];
+        yield 'lien' => ['<a href="https://x.com">lien</a>', 'href="https://x.com"'];
+    }
+}
diff --git a/frontend/e2e/homework-richtext-attachments.spec.ts b/frontend/e2e/homework-richtext-attachments.spec.ts
new file mode 100644
index 0000000..66371b3
--- /dev/null
+++ b/frontend/e2e/homework-richtext-attachments.spec.ts
@@ -0,0 +1,467 @@
+import { test, expect } from '@playwright/test';
+import { execSync } from 'child_process';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { writeFileSync, mkdirSync, unlinkSync } from 'fs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const baseUrl = process.env.PLAYWRIGHT_BASE_URL || 'http://localhost:4173';
+const urlMatch = baseUrl.match(/:(\d+)$/);
+const PORT = urlMatch ? urlMatch[1] : '4173';
+const ALPHA_URL = `http://ecole-alpha.classeo.local:${PORT}`;
+
+// Réutilise le même enseignant que homework.spec.ts pour partager le setup
+const TEACHER_EMAIL = 'e2e-homework-teacher@example.com';
+const TEACHER_PASSWORD = 'HomeworkTest123';
+const TENANT_ID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890';
+
+const projectRoot = join(__dirname, '../..');
+const composeFile = join(projectRoot, 'compose.yaml');
+
+function runSql(sql: string) {
+	execSync(
+		`docker compose -f "${composeFile}" exec -T php php bin/console dbal:run-sql "${sql}" 2>&1`,
+		{ encoding: 'utf-8' }
+	);
+}
+
+function clearCache() {
+	try {
+		execSync(
+			`docker compose -f "${composeFile}" exec -T php php bin/console cache:pool:clear paginated_queries.cache 2>&1`,
+			{ encoding: 'utf-8' }
+		);
+	} catch {
+		// Cache pool may not exist
+	}
+}
+
+function resolveDeterministicIds(): { schoolId: string; academicYearId: string } {
+	const output = execSync(
+		`docker compose -f "${composeFile}" exec -T php php -r '` +
+			`require "/app/vendor/autoload.php"; ` +
+			`$t="${TENANT_ID}"; $ns="6ba7b814-9dad-11d1-80b4-00c04fd430c8"; ` +
+			`echo Ramsey\\Uuid\\Uuid::uuid5($ns,"school-$t")->toString()."\\n"; ` +
+			`$m=(int)date("n"); $s=$m>=9?(int)date("Y"):(int)date("Y")-1; $e=$s+1; ` +
+			`echo Ramsey\\Uuid\\Uuid::uuid5($ns,"$t:$s-$e")->toString();` +
+			`' 2>&1`,
+		{ encoding: 'utf-8' }
+	).trim();
+	const [schoolId, academicYearId] = output.split('\n');
+	return { schoolId: schoolId!, academicYearId: academicYearId! };
+}
+
+function getNextWeekday(daysFromNow: number): string {
+	const date = new Date();
+	date.setDate(date.getDate() + daysFromNow);
+	const day = date.getDay();
+	if (day === 0) date.setDate(date.getDate() + 1);
+	if (day === 6) date.setDate(date.getDate() + 2);
+	const y = date.getFullYear();
+	const m = String(date.getMonth() + 1).padStart(2, '0');
+	const d = String(date.getDate()).padStart(2, '0');
+	return `${y}-${m}-${d}`;
+}
+
+function seedTeacherAssignments() {
+	const { academicYearId } = resolveDeterministicIds();
+	try {
+		runSql(
+			`INSERT INTO teacher_assignments (id, tenant_id, teacher_id, school_class_id, subject_id, academic_year_id, status, start_date, created_at, updated_at) ` +
+				`SELECT gen_random_uuid(), '${TENANT_ID}', u.id, c.id, s.id, '${academicYearId}', 'active', NOW(), NOW(), NOW() ` +
+				`FROM users u CROSS JOIN school_classes c CROSS JOIN subjects s ` +
+				`WHERE u.email = '${TEACHER_EMAIL}' AND u.tenant_id = '${TENANT_ID}' ` +
+				`AND c.tenant_id = '${TENANT_ID}' ` +
+				`AND s.tenant_id = '${TENANT_ID}' ` +
+				`ON CONFLICT DO NOTHING`
+		);
+	} catch {
+		// May already exist
+	}
+}
+
+async function loginAsTeacher(page: import('@playwright/test').Page) {
+	await page.goto(`${ALPHA_URL}/login`);
+	await page.locator('#email').fill(TEACHER_EMAIL);
+	await page.locator('#password').fill(TEACHER_PASSWORD);
+	await Promise.all([
+		page.waitForURL(/\/dashboard/, { timeout: 30000 }),
+		page.getByRole('button', { name: /se connecter/i }).click()
+	]);
+}
+
+async function navigateToHomework(page: import('@playwright/test').Page) {
+	await page.goto(`${ALPHA_URL}/dashboard/teacher/homework`);
+	await expect(page.getByRole('heading', { name: /mes devoirs/i })).toBeVisible({ timeout: 15000 });
+}
+
+async function createHomework(page: import('@playwright/test').Page, title: string) {
+	await page.getByRole('button', { name: /nouveau devoir/i }).click();
+	await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+	await page.locator('#hw-class').selectOption({ index: 1 });
+	await page.locator('#hw-subject').selectOption({ index: 1 });
+	await page.locator('#hw-title').fill(title);
+
+	// Type in WYSIWYG editor
+	const editorContent = page.locator('.modal .rich-text-content');
+	await editorContent.click();
+	await page.keyboard.type('Consignes du devoir');
+
+	await page.locator('#hw-due-date').fill(getNextWeekday(5));
+	await page.getByRole('button', { name: /créer le devoir/i }).click();
+	await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10000 });
+	await expect(page.getByText(title)).toBeVisible({ timeout: 10000 });
+}
+
+function createTempPdf(): string {
+	const tmpDir = join(__dirname, '..', 'tmp-test-files');
+	mkdirSync(tmpDir, { recursive: true });
+	const filePath = join(tmpDir, 'test-attachment.pdf');
+	const pdfContent = `%PDF-1.4
+1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj
+2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj
+3 0 obj<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]>>endobj
+xref
+0 4
+0000000000 65535 f
+0000000009 00000 n
+0000000058 00000 n
+0000000115 00000 n
+trailer<</Size 4/Root 1 0 R>>
+startxref
+190
+%%EOF`;
+	writeFileSync(filePath, pdfContent);
+	return filePath;
+}
+
+function createTempTxt(): string {
+	const tmpDir = join(__dirname, '..', 'tmp-test-files');
+	mkdirSync(tmpDir, { recursive: true });
+	const filePath = join(tmpDir, 'test-invalid.txt');
+	writeFileSync(filePath, 'This is a plain text file that should be rejected.');
+	return filePath;
+}
+
+function cleanupTempFiles() {
+	const tmpDir = join(__dirname, '..', 'tmp-test-files');
+	for (const name of ['test-attachment.pdf', 'test-invalid.txt']) {
+		try {
+			unlinkSync(join(tmpDir, name));
+		} catch {
+			// May not exist
+		}
+	}
+}
+
+test.describe('Rich Text & Attachments (Story 5.9)', () => {
+	test.beforeAll(async () => {
+		// Ensure teacher user exists (same as homework.spec.ts)
+		execSync(
+			`docker compose -f "${composeFile}" exec -T php php bin/console app:dev:create-test-user --tenant=ecole-alpha --email=${TEACHER_EMAIL} --password=${TEACHER_PASSWORD} --role=ROLE_PROF 2>&1`,
+			{ encoding: 'utf-8' }
+		);
+
+		const { schoolId, academicYearId } = resolveDeterministicIds();
+		try {
+			runSql(
+				`INSERT INTO school_classes (id, tenant_id, school_id, academic_year_id, name, level, status, created_at, updated_at) ` +
+					`VALUES (gen_random_uuid(), '${TENANT_ID}', '${schoolId}', '${academicYearId}', 'E2E-HW-6A', '6ème', 'active', NOW(), NOW()) ON CONFLICT DO NOTHING`
+			);
+			runSql(
+				`INSERT INTO subjects (id, tenant_id, school_id, name, code, status, created_at, updated_at) ` +
+					`VALUES (gen_random_uuid(), '${TENANT_ID}', '${schoolId}', 'E2E-HW-Maths', 'E2EMAT', 'active', NOW(), NOW()) ON CONFLICT DO NOTHING`
+			);
+		} catch {
+			// May already exist
+		}
+
+		seedTeacherAssignments();
+		clearCache();
+	});
+
+	test.afterAll(() => {
+		cleanupTempFiles();
+	});
+
+	test.beforeEach(async () => {
+		try {
+			runSql(`DELETE FROM homework WHERE tenant_id = '${TENANT_ID}' AND teacher_id IN (SELECT id FROM users WHERE email = '${TEACHER_EMAIL}' AND tenant_id = '${TENANT_ID}')`);
+		} catch {
+			// Table may not exist
+		}
+		clearCache();
+	});
+
+	// ============================================================================
+	// T4.1 : WYSIWYG Editor
+	// ============================================================================
+	test.describe('WYSIWYG Editor', () => {
+		test('create form shows rich text editor with toolbar', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await page.getByRole('button', { name: /nouveau devoir/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// Rich text editor with toolbar should be visible
+			const editor = page.locator('.rich-text-editor');
+			await expect(editor).toBeVisible({ timeout: 5000 });
+			await expect(page.locator('.toolbar')).toBeVisible();
+
+			// Toolbar buttons
+			await expect(page.getByRole('button', { name: 'Gras' })).toBeVisible();
+			await expect(page.getByRole('button', { name: 'Italique' })).toBeVisible();
+			await expect(page.getByRole('button', { name: 'Liste à puces' })).toBeVisible();
+			await expect(page.getByRole('button', { name: 'Liste numérotée' })).toBeVisible();
+			await expect(page.getByRole('button', { name: 'Lien' })).toBeVisible();
+		});
+
+		test('can create homework with rich text description', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await page.getByRole('button', { name: /nouveau devoir/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			await page.locator('#hw-class').selectOption({ index: 1 });
+			await page.locator('#hw-subject').selectOption({ index: 1 });
+			await page.locator('#hw-title').fill('Devoir texte riche');
+
+			// Type in rich text editor
+			const editorContent = page.locator('.modal .rich-text-content');
+			await editorContent.click();
+			await page.keyboard.type('Consignes importantes');
+
+			await page.locator('#hw-due-date').fill(getNextWeekday(5));
+			await page.getByRole('button', { name: /créer le devoir/i }).click();
+
+			await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10000 });
+			await expect(page.getByText('Devoir texte riche')).toBeVisible({ timeout: 10000 });
+		});
+
+		test('bold formatting works in editor', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await page.getByRole('button', { name: /nouveau devoir/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			await page.locator('#hw-class').selectOption({ index: 1 });
+			await page.locator('#hw-subject').selectOption({ index: 1 });
+			await page.locator('#hw-title').fill('Devoir gras test');
+
+			const editorContent = page.locator('.modal .rich-text-content');
+			await editorContent.click();
+			await page.keyboard.type('Normal ');
+
+			// Apply bold via keyboard shortcut (more reliable than toolbar click)
+			await page.keyboard.press('Control+b');
+			await page.keyboard.type('en gras');
+
+			await page.locator('#hw-due-date').fill(getNextWeekday(5));
+			await page.getByRole('button', { name: /créer le devoir/i }).click();
+
+			await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10000 });
+			await expect(page.getByText('Devoir gras test')).toBeVisible({ timeout: 10000 });
+
+			// Verify bold is rendered in the description
+			const description = page.locator('.homework-description');
+			await expect(description.locator('strong')).toContainText('en gras');
+		});
+	});
+
+	// ============================================================================
+	// T4.2 : Upload attachment
+	// ============================================================================
+	test.describe('Attachments', () => {
+		test('can upload a PDF attachment to homework via edit modal', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			// Create homework
+			await createHomework(page, 'Devoir avec PJ');
+
+			// Open edit modal
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir avec PJ' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// Upload file
+			const pdfPath = createTempPdf();
+			const fileInput = page.locator('.file-input-hidden');
+			await fileInput.setInputFiles(pdfPath);
+
+			// File appears in list
+			await expect(page.getByText('test-attachment.pdf')).toBeVisible({ timeout: 15000 });
+		});
+
+		// T4.3 : Delete attachment
+		test('can delete an uploaded attachment', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await createHomework(page, 'Devoir suppr PJ');
+
+			// Open edit modal and upload
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir suppr PJ' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			const pdfPath = createTempPdf();
+			await page.locator('.file-input-hidden').setInputFiles(pdfPath);
+			await expect(page.getByText('test-attachment.pdf')).toBeVisible({ timeout: 15000 });
+
+			// Delete the attachment
+			await page.getByRole('button', { name: /supprimer test-attachment.pdf/i }).click();
+			await expect(page.getByText('test-attachment.pdf')).not.toBeVisible({ timeout: 5000 });
+		});
+	});
+
+	// ============================================================================
+	// T5.9.1 : Invalid file type rejection (P1)
+	// ============================================================================
+	test.describe('Invalid File Type Rejection', () => {
+		test('rejects a .txt file with an error message', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await createHomework(page, 'Devoir rejet fichier');
+
+			// Open edit modal
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir rejet fichier' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// Try to upload a .txt file
+			const txtPath = createTempTxt();
+			const fileInput = page.locator('.file-input-hidden');
+			await fileInput.setInputFiles(txtPath);
+
+			// Error message should appear
+			const errorAlert = page.locator('[role="alert"]');
+			await expect(errorAlert).toBeVisible({ timeout: 5000 });
+			await expect(errorAlert).toContainText('Type de fichier non accepté');
+
+			// The .txt file should NOT appear in the file list
+			await expect(page.getByText('test-invalid.txt')).not.toBeVisible();
+		});
+	});
+
+	// ============================================================================
+	// T5.9.2 : Attachment persistence after save (P1)
+	// ============================================================================
+	test.describe('Attachment Persistence', () => {
+		test('uploaded attachment persists after saving and reopening edit modal', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await createHomework(page, 'Devoir persistance PJ');
+
+			// Open edit modal
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir persistance PJ' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// Upload a PDF
+			const pdfPath = createTempPdf();
+			const fileInput = page.locator('.file-input-hidden');
+			await fileInput.setInputFiles(pdfPath);
+			await expect(page.getByText('test-attachment.pdf')).toBeVisible({ timeout: 15000 });
+
+			// Save the changes
+			await page.getByRole('button', { name: /enregistrer/i }).click();
+			await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10000 });
+
+			// Reopen the edit modal
+			const hwCardAfterSave = page.locator('.homework-card', { hasText: 'Devoir persistance PJ' });
+			await hwCardAfterSave.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// The attachment should still be there
+			await expect(page.getByText('test-attachment.pdf')).toBeVisible({ timeout: 15000 });
+		});
+	});
+
+	// ============================================================================
+	// T5.9.3 : File size display after upload (P2)
+	// ============================================================================
+	test.describe('File Size Display', () => {
+		test('shows formatted file size after uploading a PDF', async ({ page }) => {
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			await createHomework(page, 'Devoir taille fichier');
+
+			// Open edit modal
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir taille fichier' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// Upload a PDF
+			const pdfPath = createTempPdf();
+			const fileInput = page.locator('.file-input-hidden');
+			await fileInput.setInputFiles(pdfPath);
+			await expect(page.getByText('test-attachment.pdf')).toBeVisible({ timeout: 15000 });
+
+			// The file size element should be visible and show a formatted size (e.g., "xxx o" or "xxx Ko")
+			const fileSize = page.locator('.file-size');
+			await expect(fileSize).toBeVisible({ timeout: 5000 });
+			await expect(fileSize).toHaveText(/\d+(\.\d+)?\s*(o|Ko|Mo)/);
+		});
+	});
+
+	// ============================================================================
+	// T4.4 : Backward compatibility
+	// ============================================================================
+	test.describe('Backward Compatibility', () => {
+		test('existing plain text homework displays correctly', async ({ page }) => {
+			// Create homework with plain text description via SQL
+			runSql(
+				`INSERT INTO homework (id, tenant_id, class_id, subject_id, teacher_id, title, description, due_date, status, created_at, updated_at) ` +
+					`SELECT gen_random_uuid(), '${TENANT_ID}', c.id, s.id, u.id, 'Devoir texte brut E2E', 'Description simple sans balise HTML', '${getNextWeekday(10)}', 'published', NOW(), NOW() ` +
+					`FROM users u, school_classes c, subjects s ` +
+					`WHERE u.email = '${TEACHER_EMAIL}' AND u.tenant_id = '${TENANT_ID}' ` +
+					`AND c.tenant_id = '${TENANT_ID}' AND c.name = 'E2E-HW-6A' ` +
+					`AND s.tenant_id = '${TENANT_ID}' AND s.name = 'E2E-HW-Maths' ` +
+					`LIMIT 1`
+			);
+			clearCache();
+
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			// Plain text description displays correctly
+			await expect(page.getByText('Devoir texte brut E2E')).toBeVisible({ timeout: 10000 });
+			await expect(page.getByText('Description simple sans balise HTML')).toBeVisible();
+		});
+
+		test('edit modal loads plain text in WYSIWYG editor', async ({ page }) => {
+			runSql(
+				`INSERT INTO homework (id, tenant_id, class_id, subject_id, teacher_id, title, description, due_date, status, created_at, updated_at) ` +
+					`SELECT gen_random_uuid(), '${TENANT_ID}', c.id, s.id, u.id, 'Devoir edit brut E2E', 'Ancienne description', '${getNextWeekday(10)}', 'published', NOW(), NOW() ` +
+					`FROM users u, school_classes c, subjects s ` +
+					`WHERE u.email = '${TEACHER_EMAIL}' AND u.tenant_id = '${TENANT_ID}' ` +
+					`AND c.tenant_id = '${TENANT_ID}' AND c.name = 'E2E-HW-6A' ` +
+					`AND s.tenant_id = '${TENANT_ID}' AND s.name = 'E2E-HW-Maths' ` +
+					`LIMIT 1`
+			);
+			clearCache();
+
+			await loginAsTeacher(page);
+			await navigateToHomework(page);
+
+			// Open edit modal
+			const hwCard = page.locator('.homework-card', { hasText: 'Devoir edit brut E2E' });
+			await hwCard.getByRole('button', { name: /modifier/i }).click();
+			await expect(page.getByRole('dialog')).toBeVisible({ timeout: 10000 });
+
+			// WYSIWYG editor contains the old text
+			const editorContent = page.locator('.modal .rich-text-content');
+			await expect(editorContent).toContainText('Ancienne description', { timeout: 5000 });
+		});
+	});
+});
diff --git a/frontend/e2e/homework.spec.ts b/frontend/e2e/homework.spec.ts
index 92be8eb..fc7f308 100644
--- a/frontend/e2e/homework.spec.ts
+++ b/frontend/e2e/homework.spec.ts
@@ -217,7 +217,7 @@ test.describe('Homework Management (Story 5.1)', () => {
 			await page.locator('#hw-title').fill('Exercices chapitre 5');
 
 			// Fill description
-			await page.locator('#hw-description').fill('Pages 42-45, exercices 1 à 10');
+			await page.locator('.modal .rich-text-content').click(); await page.locator('.modal .rich-text-content').pressSequentially('Pages 42-45, exercices 1 à 10');
 
 			// Set due date (next weekday, at least 2 days from now)
 			await page.locator('#hw-due-date').fill(getNextWeekday(3));
@@ -389,7 +389,7 @@ test.describe('Homework Management (Story 5.1)', () => {
 			await page.locator('#hw-class').selectOption({ index: 1 });
 			await page.locator('#hw-subject').selectOption({ index: 1 });
 			await page.locator('#hw-title').fill('Devoir date passée');
-			await page.locator('#hw-description').fill('Test validation');
+			await page.locator('.modal .rich-text-content').click(); await page.locator('.modal .rich-text-content').pressSequentially('Test validation');
 
 			// Set a past date — fill() works with Svelte 5 bind:value
 			const yesterday = new Date();
@@ -686,7 +686,7 @@ test.describe('Homework Management (Story 5.1)', () => {
 			await page.locator('#hw-class').selectOption({ index: 1 });
 			await page.locator('#hw-subject').selectOption({ index: 1 });
 			await page.locator('#hw-title').fill('Titre original');
-			await page.locator('#hw-description').fill('Description inchangée');
+			await page.locator('.modal .rich-text-content').click(); await page.locator('.modal .rich-text-content').pressSequentially('Description inchangée');
 			await page.locator('#hw-due-date').fill(dueDate);
 			await page.getByRole('button', { name: /créer le devoir/i }).click();
 			await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10000 });
@@ -698,7 +698,7 @@ test.describe('Homework Management (Story 5.1)', () => {
 			await expect(editDialog).toBeVisible({ timeout: 10000 });
 
 			// Verify pre-filled values
-			await expect(page.locator('#edit-description')).toHaveValue('Description inchangée');
+			await expect(page.locator('.modal .rich-text-content')).toContainText('Description inchangée');
 			await expect(page.locator('#edit-due-date')).toHaveValue(dueDate);
 
 			// Change only the title
diff --git a/frontend/package.json b/frontend/package.json
index db75058..2ac1a7d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -34,7 +34,6 @@
     "eslint": "^9.0.0",
     "eslint-config-prettier": "^10.0.0",
     "eslint-plugin-svelte": "^3.0.0",
-    "svelte-eslint-parser": "^1.0.0",
     "jsdom": "^27.4.0",
     "postcss": "^8.4.47",
     "prettier": "^3.4.0",
@@ -42,6 +41,7 @@
     "prettier-plugin-tailwindcss": "^0.6.0",
     "svelte": "^5.15.0",
     "svelte-check": "^4.1.0",
+    "svelte-eslint-parser": "^1.0.0",
     "tailwindcss": "^3.4.16",
     "typescript": "^5.7.0",
     "typescript-eslint": "^8.54.0",
@@ -51,6 +51,10 @@
   "dependencies": {
     "@sentry/sveltekit": "^8.50.0",
     "@tanstack/svelte-query": "^5.66.0",
+    "@tiptap/core": "^3.20.4",
+    "@tiptap/extension-link": "^3.20.4",
+    "@tiptap/pm": "^3.20.4",
+    "@tiptap/starter-kit": "^3.20.4",
     "@vite-pwa/sveltekit": "^0.6.8",
     "web-vitals": "^4.2.0",
     "workbox-window": "^7.3.0"
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index 1b09973..20254da 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -14,6 +14,18 @@ importers:
       '@tanstack/svelte-query':
         specifier: ^5.66.0
         version: 5.90.2(svelte@5.49.1)
+      '@tiptap/core':
+        specifier: ^3.20.4
+        version: 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/extension-link':
+        specifier: ^3.20.4
+        version: 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/pm':
+        specifier: ^3.20.4
+        version: 3.20.4
+      '@tiptap/starter-kit':
+        specifier: ^3.20.4
+        version: 3.20.4
       '@vite-pwa/sveltekit':
         specifier: ^0.6.8
         version: 0.6.8(@sveltejs/kit@2.50.1(@opentelemetry/api@1.9.0)(@sveltejs/vite-plugin-svelte@5.1.1(svelte@5.49.1)(vite@6.4.1(@types/node@22.19.7)(jiti@1.21.7)(terser@5.46.0)))(svelte@5.49.1)(typescript@5.9.3)(vite@6.4.1(@types/node@22.19.7)(jiti@1.21.7)(terser@5.46.0)))(vite-plugin-pwa@0.21.2(vite@6.4.1(@types/node@22.19.7)(jiti@1.21.7)(terser@5.46.0))(workbox-build@7.4.0)(workbox-window@7.4.0))
@@ -1315,6 +1327,9 @@ packages:
   '@prisma/instrumentation@5.22.0':
     resolution: {integrity: sha512-LxccF392NN37ISGxIurUljZSh1YWnphO34V5a0+T7FVQG2u9bhAXRTJpgmQ3483woVhkraQZFF7cbRrpbw/F4Q==}
 
+  '@remirror/core-constants@3.0.0':
+    resolution: {integrity: sha512-42aWfPrimMfDKDi4YegyS7x+/0tlzaqwPQCULLanv3DMIlu96KTJR0fM5isWX2UViOqlGnX6YFgqWepcX+XMNg==}
+
   '@rollup/plugin-babel@5.3.1':
     resolution: {integrity: sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==}
     engines: {node: '>= 10.0.0'}
@@ -1741,6 +1756,132 @@ packages:
       vitest:
         optional: true
 
+  '@tiptap/core@3.20.4':
+    resolution: {integrity: sha512-3i/DG89TFY/b34T5P+j35UcjYuB5d3+9K8u6qID+iUqNPiza015HPIZLuPfE5elNwVdV3EXIoPo0LLeBLgXXAg==}
+    peerDependencies:
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/extension-blockquote@3.20.4':
+    resolution: {integrity: sha512-9sskyyhYj2oKat//lyZVXCp9YrPt4oJAZnGHYWXS0xlskjsLElrfKKlM4vpbhGss3VrhQRoEGqWLnIaJYPF1zw==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-bold@3.20.4':
+    resolution: {integrity: sha512-Md7/mNAeJCY+VLJc8JRGI+8XkVPKiOGB1NgqQPdh3aYtxXQDChQOZoJEQl6TuudDxZ85bLZB67NjZlx3jo8/0g==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-bullet-list@3.20.4':
+    resolution: {integrity: sha512-1RTGrur1EKoxfnLZ3M6xeNj8GITAz74jH2DHGcjLsd2Xr7Q7BozGaIq6GkkvKguMwbI1zCOxTHFCpUETXAIQQA==}
+    peerDependencies:
+      '@tiptap/extension-list': ^3.20.4
+
+  '@tiptap/extension-code-block@3.20.4':
+    resolution: {integrity: sha512-Zlw3FrXTy01+o1yISeX/LC+iJeHA+ym602bMXGmtA6lyl7QSOSO7WExweJ6xeJGhbCjldwT5al6fkRAs8iGJZg==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/extension-code@3.20.4':
+    resolution: {integrity: sha512-7j8Hi964bH1SZ9oLdZC1fkqWz27mliSDV7M8lmL/M14+Qw42D/VOAKS4Aw9OCFtHMlTsjLR6qsoVxL8Lpkt6NA==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-document@3.20.4':
+    resolution: {integrity: sha512-zF1CIFVLt8MfSpWWnPwtGyxPOsT0xYM2qJKcXf2yZcTG37wDKmUi6heG53vGigIavbQlLaAFvs+1mNdOu2x/0A==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-dropcursor@3.20.4':
+    resolution: {integrity: sha512-TgMwvZ8myXYdmd6bUV7qkpZXv7ZUiSmX/8eo+iPEzYo2CnDLAGvDKgC50nfq/g87SDvfBgPuAiBfFvsMQQWaTw==}
+    peerDependencies:
+      '@tiptap/extensions': ^3.20.4
+
+  '@tiptap/extension-gapcursor@3.20.4':
+    resolution: {integrity: sha512-JJ6f1iQ1e0s4kISgq55U3UYGwWV/N9f0PYMtB6e3L+SBQjXnywaLK0g6vfN6IvTCC2vdIuqeSOX8VlSO97sJLw==}
+    peerDependencies:
+      '@tiptap/extensions': ^3.20.4
+
+  '@tiptap/extension-hard-break@3.20.4':
+    resolution: {integrity: sha512-gJbq58d8zB1gzyqVEopowej5CpW4/Fpg6oGJvlZxaCukqd0gJRWGC89K+jE62YA1Td4sfcKrekKvN7jm2y/ZUg==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-heading@3.20.4':
+    resolution: {integrity: sha512-xsnkmTGggJc5P2iCwS1lv8KFG31xC/GNPJKoi/3UH67j/lKDhA3AdtshsLeyv2FKtTtYDb8oV0IqzHB1MM6a7w==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-horizontal-rule@3.20.4':
+    resolution: {integrity: sha512-y6joCi49haAA0bo3EGUY+dWUMHH1GPUc84hxrBY/0pMs+Bn+kQ1+DQJErZDTWGJrlHPWU/yekBZT72SNdp0DNA==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/extension-italic@3.20.4':
+    resolution: {integrity: sha512-4ZqiWr7cmqPFux8tj1ZLiYytyWf343IvQemNX6AvVWvscrJcrfj3YX4Le2BA0RW3A3M6RpLQXXozuF8vxYFDeQ==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-link@3.20.4':
+    resolution: {integrity: sha512-JNDSkWrVdb8NSvbQXwHWvK5tCMbTWwOHFOweknQZ1JPK4dei9FJVofYQaHyW4bJBdcCjds3NZSnXE8DM9iAWmg==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/extension-list-item@3.20.4':
+    resolution: {integrity: sha512-QoTc5RACXaZF+vIIBBxjGO7D0oWFUDgBKJCpvUZ0CoGGKosnfe4a9I5THFyLj4201cf0oUqgf1oZhTqETGxlVw==}
+    peerDependencies:
+      '@tiptap/extension-list': ^3.20.4
+
+  '@tiptap/extension-list-keymap@3.20.4':
+    resolution: {integrity: sha512-RIqXM649+8IP7p/KVfaGlJiwjCylm1m6OPlaoM3K8O7oEOGRQzNeexexECCD2jsXRxew4E+vBNMD2orXqJmu8A==}
+    peerDependencies:
+      '@tiptap/extension-list': ^3.20.4
+
+  '@tiptap/extension-list@3.20.4':
+    resolution: {integrity: sha512-X+5plTKhOioNcQ4KsAFJJSb/3+zR8Xhdpow4HzXtoV1KcbdDey1fhZdpsfkbrzCL0s6/wAgwZuAchCK7HujurQ==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/extension-ordered-list@3.20.4':
+    resolution: {integrity: sha512-3budNL8BgBon3TcXZ4hjT0YpFvx1Ka3uSIECKDxHgES+OQcR+6cagxSb60gFEccf3Dr0PIwcVTY6g14lC1qKRQ==}
+    peerDependencies:
+      '@tiptap/extension-list': ^3.20.4
+
+  '@tiptap/extension-paragraph@3.20.4':
+    resolution: {integrity: sha512-lm6fOScWuZAF/Sfp97igUwFd3L1QHIVLAWP5NVdh0DTLrEIt4rMBmsww+yOpMQRhvz2uTgMbMXynrimhzi/QVw==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-strike@3.20.4':
+    resolution: {integrity: sha512-It1Px9uDGTsVqyyg6cy7DigLoenljpQwqdI0jssM7QclZrHnsrye9fZxBBiiuCzzV1305MxKgHvratkHwqmVNA==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-text@3.20.4':
+    resolution: {integrity: sha512-jchJcBZixDEO2J66Zx5dchsI2mA6IYsROqF8P1poxL4ienH7RVQRCTsBNnSfIeOtREKKWeOU/tEs5fcpvvGwIQ==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extension-underline@3.20.4':
+    resolution: {integrity: sha512-0OjMc3FDujX16G+jhvqcY/mLot8SrNtDu8ggUwNLAfiI/QIvMVgk7giFD71DATC/4Nb8i/iwAEegTD8MxBIXCg==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+
+  '@tiptap/extensions@3.20.4':
+    resolution: {integrity: sha512-8p6hVT65DjuQjtEdlH6ewX9SOJHlVQAOee3sWIJQmeJNRnZNvqPIBLleebUqDiljNTpxBv6s6QWkSTKgf3btwg==}
+    peerDependencies:
+      '@tiptap/core': ^3.20.4
+      '@tiptap/pm': ^3.20.4
+
+  '@tiptap/pm@3.20.4':
+    resolution: {integrity: sha512-rCHYSBToilBEuI6PtjziHDdRkABH/XqwJ7dG4Amn/SD3yGiZKYCiEApQlTUS2zZeo8DsLeuqqqB4vEOeD4OEPg==}
+
+  '@tiptap/starter-kit@3.20.4':
+    resolution: {integrity: sha512-WcyK6hsTl8eBsQhQ+d9Sq8fYZKOYdL+D45MyH3hz583elXqJlW3h3JPFYb0o87gddGxn8Mm57OA/gA1zEdeDMw==}
+
   '@types/aria-query@5.0.4':
     resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==}
 
@@ -1759,6 +1900,15 @@ packages:
   '@types/json-schema@7.0.15':
     resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
 
+  '@types/linkify-it@5.0.0':
+    resolution: {integrity: sha512-sVDA58zAw4eWAffKOaQH5/5j3XeayukzDk+ewSsnv3p4yJEZHCCzMDiZM8e0OUrRvmpGZ85jf4yDHkHsgBNr9Q==}
+
+  '@types/markdown-it@14.1.2':
+    resolution: {integrity: sha512-promo4eFwuiW+TfGxhi+0x3czqTYJkG8qB17ZUJiVF10Xm7NLVRSLUsfRTU/6h1e24VvRnXCx+hG7li58lkzog==}
+
+  '@types/mdurl@2.0.0':
+    resolution: {integrity: sha512-RGdgjQUZba5p6QEFAVx2OGb8rQDL/cPRG7GiedRzMcJ1tYnUANBncjbSB1NRGwbvjcPeikRABz2nshyPk1bhWg==}
+
   '@types/mysql@2.15.26':
     resolution: {integrity: sha512-DSLCOXhkvfS5WNNPbfn2KdICAmk8lLc+/PNvnPnF7gOdMZCxopXduqv0OQ13y/yA/zXTSikZZqVgybUxOEg6YQ==}
 
@@ -2137,6 +2287,9 @@ packages:
   core-js-compat@3.48.0:
     resolution: {integrity: sha512-OM4cAF3D6VtH/WkLtWvyNC56EZVXsZdU3iqaMG2B4WvYrlqU831pc4UtG5yp0sE9z8Y02wVN7PjW5Zf9Gt0f1Q==}
 
+  crelt@1.0.6:
+    resolution: {integrity: sha512-VQ2MBenTq1fWZUH9DJNGti7kKv6EeAuYr3cLwxUWhIu1baTaXh4Ib5W2CqHVqib4/MqbYGJqiL3Zb8GJZr3l4g==}
+
   cross-spawn@7.0.6:
     resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
     engines: {node: '>= 8'}
@@ -2246,6 +2399,10 @@ packages:
   emoji-regex@9.2.2:
     resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
 
+  entities@4.5.0:
+    resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
+    engines: {node: '>=0.12'}
+
   entities@6.0.1:
     resolution: {integrity: sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==}
     engines: {node: '>=0.12'}
@@ -2864,6 +3021,12 @@ packages:
   lines-and-columns@1.2.4:
     resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==}
 
+  linkify-it@5.0.0:
+    resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
+
+  linkifyjs@4.3.2:
+    resolution: {integrity: sha512-NT1CJtq3hHIreOianA8aSXn6Cw0JzYOuDQbOrSPe7gqFnCpKP++MQe3ODgO3oh2GJFORkAAdqredOa60z63GbA==}
+
   locate-character@3.0.0:
     resolution: {integrity: sha512-SW13ws7BjaeJ6p7Q6CO2nchbYEc3X3J6WrmTTDto7yMPqVSZTUyY5Tjbid+Ab8gLnATtygYtiDIJGQRRn2ZOiA==}
 
@@ -2924,6 +3087,10 @@ packages:
     resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==}
     engines: {node: '>=10'}
 
+  markdown-it@14.1.1:
+    resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
+    hasBin: true
+
   math-intrinsics@1.1.0:
     resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
     engines: {node: '>= 0.4'}
@@ -2931,6 +3098,9 @@ packages:
   mdn-data@2.12.2:
     resolution: {integrity: sha512-IEn+pegP1aManZuckezWCO+XZQDplx1366JoVhTpMpBB1sPey/SbveZQUosKiKiGYjg1wH4pMlNgXbCiYgihQA==}
 
+  mdurl@2.0.0:
+    resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
+
   merge2@1.4.1:
     resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
     engines: {node: '>= 8'}
@@ -3038,6 +3208,9 @@ packages:
     resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==}
     engines: {node: '>= 0.8.0'}
 
+  orderedmap@2.1.1:
+    resolution: {integrity: sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g==}
+
   own-keys@1.0.1:
     resolution: {integrity: sha512-qFOyK5PjiWZd+QQIh+1jhdb9LpxTF0qs7Pm8o5QHYZ0M3vKqSqzsZaEB6oWlxZ+q2sJBMI/Ktgd2N5ZwQoRHfg==}
     engines: {node: '>= 0.4'}
@@ -3317,9 +3490,71 @@ packages:
     resolution: {integrity: sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==}
     engines: {node: '>=0.4.0'}
 
+  prosemirror-changeset@2.4.0:
+    resolution: {integrity: sha512-LvqH2v7Q2SF6yxatuPP2e8vSUKS/L+xAU7dPDC4RMyHMhZoGDfBC74mYuyYF4gLqOEG758wajtyhNnsTkuhvng==}
+
+  prosemirror-collab@1.3.1:
+    resolution: {integrity: sha512-4SnynYR9TTYaQVXd/ieUvsVV4PDMBzrq2xPUWutHivDuOshZXqQ5rGbZM84HEaXKbLdItse7weMGOUdDVcLKEQ==}
+
+  prosemirror-commands@1.7.1:
+    resolution: {integrity: sha512-rT7qZnQtx5c0/y/KlYaGvtG411S97UaL6gdp6RIZ23DLHanMYLyfGBV5DtSnZdthQql7W+lEVbpSfwtO8T+L2w==}
+
+  prosemirror-dropcursor@1.8.2:
+    resolution: {integrity: sha512-CCk6Gyx9+Tt2sbYk5NK0nB1ukHi2ryaRgadV/LvyNuO3ena1payM2z6Cg0vO1ebK8cxbzo41ku2DE5Axj1Zuiw==}
+
+  prosemirror-gapcursor@1.4.1:
+    resolution: {integrity: sha512-pMdYaEnjNMSwl11yjEGtgTmLkR08m/Vl+Jj443167p9eB3HVQKhYCc4gmHVDsLPODfZfjr/MmirsdyZziXbQKw==}
+
+  prosemirror-history@1.5.0:
+    resolution: {integrity: sha512-zlzTiH01eKA55UAf1MEjtssJeHnGxO0j4K4Dpx+gnmX9n+SHNlDqI2oO1Kv1iPN5B1dm5fsljCfqKF9nFL6HRg==}
+
+  prosemirror-inputrules@1.5.1:
+    resolution: {integrity: sha512-7wj4uMjKaXWAQ1CDgxNzNtR9AlsuwzHfdFH1ygEHA2KHF2DOEaXl1CJfNPAKCg9qNEh4rum975QLaCiQPyY6Fw==}
+
+  prosemirror-keymap@1.2.3:
+    resolution: {integrity: sha512-4HucRlpiLd1IPQQXNqeo81BGtkY8Ai5smHhKW9jjPKRc2wQIxksg7Hl1tTI2IfT2B/LgX6bfYvXxEpJl7aKYKw==}
+
+  prosemirror-markdown@1.13.4:
+    resolution: {integrity: sha512-D98dm4cQ3Hs6EmjK500TdAOew4Z03EV71ajEFiWra3Upr7diytJsjF4mPV2dW+eK5uNectiRj0xFxYI9NLXDbw==}
+
+  prosemirror-menu@1.3.0:
+    resolution: {integrity: sha512-TImyPXCHPcDsSka2/lwJ6WjTASr4re/qWq1yoTTuLOqfXucwF6VcRa2LWCkM/EyTD1UO3CUwiH8qURJoWJRxwg==}
+
+  prosemirror-model@1.25.4:
+    resolution: {integrity: sha512-PIM7E43PBxKce8OQeezAs9j4TP+5yDpZVbuurd1h5phUxEKIu+G2a+EUZzIC5nS1mJktDJWzbqS23n1tsAf5QA==}
+
+  prosemirror-schema-basic@1.2.4:
+    resolution: {integrity: sha512-ELxP4TlX3yr2v5rM7Sb70SqStq5NvI15c0j9j/gjsrO5vaw+fnnpovCLEGIcpeGfifkuqJwl4fon6b+KdrODYQ==}
+
+  prosemirror-schema-list@1.5.1:
+    resolution: {integrity: sha512-927lFx/uwyQaGwJxLWCZRkjXG0p48KpMj6ueoYiu4JX05GGuGcgzAy62dfiV8eFZftgyBUvLx76RsMe20fJl+Q==}
+
+  prosemirror-state@1.4.4:
+    resolution: {integrity: sha512-6jiYHH2CIGbCfnxdHbXZ12gySFY/fz/ulZE333G6bPqIZ4F+TXo9ifiR86nAHpWnfoNjOb3o5ESi7J8Uz1jXHw==}
+
+  prosemirror-tables@1.8.5:
+    resolution: {integrity: sha512-V/0cDCsHKHe/tfWkeCmthNUcEp1IVO3p6vwN8XtwE9PZQLAZJigbw3QoraAdfJPir4NKJtNvOB8oYGKRl+t0Dw==}
+
+  prosemirror-trailing-node@3.0.0:
+    resolution: {integrity: sha512-xiun5/3q0w5eRnGYfNlW1uU9W6x5MoFKWwq/0TIRgt09lv7Hcser2QYV8t4muXbEr+Fwo0geYn79Xs4GKywrRQ==}
+    peerDependencies:
+      prosemirror-model: ^1.22.1
+      prosemirror-state: ^1.4.2
+      prosemirror-view: ^1.33.8
+
+  prosemirror-transform@1.11.0:
+    resolution: {integrity: sha512-4I7Ce4KpygXb9bkiPS3hTEk4dSHorfRw8uI0pE8IhxlK2GXsqv5tIA7JUSxtSu7u8APVOTtbUBxTmnHIxVkIJw==}
+
+  prosemirror-view@1.41.7:
+    resolution: {integrity: sha512-jUwKNCEIGiqdvhlS91/2QAg21e4dfU5bH2iwmSDQeosXJgKF7smG0YSplOWK0cjSNgIqXe7VXqo7EIfUFJdt3w==}
+
   proxy-from-env@1.1.0:
     resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==}
 
+  punycode.js@2.3.1:
+    resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==}
+    engines: {node: '>=6'}
+
   punycode@2.3.1:
     resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
     engines: {node: '>=6'}
@@ -3405,6 +3640,9 @@ packages:
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
     hasBin: true
 
+  rope-sequence@1.3.4:
+    resolution: {integrity: sha512-UT5EDe2cu2E/6O4igUr5PSFs23nvvukicWHx6GnOPlHAiiYbzNuCRQCuiUdHJQcqKalLKlrYJnjY0ySGsXNQXQ==}
+
   run-parallel@1.2.0:
     resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
 
@@ -3748,6 +3986,9 @@ packages:
     engines: {node: '>=14.17'}
     hasBin: true
 
+  uc.micro@2.1.0:
+    resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==}
+
   unbox-primitive@1.1.0:
     resolution: {integrity: sha512-nWJ91DjeOkej/TA8pXQ3myruKpKEYgqvpw9lz4OPHj/NWFNluYrjbz9j01CJ8yKQd2g4jFoOkINCTW2I5LEEyw==}
     engines: {node: '>= 0.4'}
@@ -3919,6 +4160,9 @@ packages:
       jsdom:
         optional: true
 
+  w3c-keyname@2.2.8:
+    resolution: {integrity: sha512-dpojBhNsCNN7T82Tm7k26A6G9ML3NkhDsnw9n/eoxSRlVBB4CEtIQ/KTCLI2Fwf3ataSXRhYFkQi3SlnFwPvPQ==}
+
   w3c-xmlserializer@5.0.0:
     resolution: {integrity: sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==}
     engines: {node: '>=18'}
@@ -5368,6 +5612,8 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@remirror/core-constants@3.0.0': {}
+
   '@rollup/plugin-babel@5.3.1(@babel/core@7.28.6)(rollup@2.79.2)':
     dependencies:
       '@babel/core': 7.28.6
@@ -5815,6 +6061,152 @@ snapshots:
       vite: 6.4.1(@types/node@22.19.7)(jiti@1.21.7)(terser@5.46.0)
       vitest: 2.1.9(@types/node@22.19.7)(jsdom@27.4.0)(terser@5.46.0)
 
+  '@tiptap/core@3.20.4(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/pm': 3.20.4
+
+  '@tiptap/extension-blockquote@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-bold@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-bullet-list@3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extension-list': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-code-block@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+
+  '@tiptap/extension-code@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-document@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-dropcursor@3.20.4(@tiptap/extensions@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extensions': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-gapcursor@3.20.4(@tiptap/extensions@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extensions': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-hard-break@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-heading@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-horizontal-rule@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+
+  '@tiptap/extension-italic@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-link@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+      linkifyjs: 4.3.2
+
+  '@tiptap/extension-list-item@3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extension-list': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-list-keymap@3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extension-list': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+
+  '@tiptap/extension-ordered-list@3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/extension-list': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-paragraph@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-strike@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-text@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extension-underline@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+
+  '@tiptap/extensions@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+
+  '@tiptap/pm@3.20.4':
+    dependencies:
+      prosemirror-changeset: 2.4.0
+      prosemirror-collab: 1.3.1
+      prosemirror-commands: 1.7.1
+      prosemirror-dropcursor: 1.8.2
+      prosemirror-gapcursor: 1.4.1
+      prosemirror-history: 1.5.0
+      prosemirror-inputrules: 1.5.1
+      prosemirror-keymap: 1.2.3
+      prosemirror-markdown: 1.13.4
+      prosemirror-menu: 1.3.0
+      prosemirror-model: 1.25.4
+      prosemirror-schema-basic: 1.2.4
+      prosemirror-schema-list: 1.5.1
+      prosemirror-state: 1.4.4
+      prosemirror-tables: 1.8.5
+      prosemirror-trailing-node: 3.0.0(prosemirror-model@1.25.4)(prosemirror-state@1.4.4)(prosemirror-view@1.41.7)
+      prosemirror-transform: 1.11.0
+      prosemirror-view: 1.41.7
+
+  '@tiptap/starter-kit@3.20.4':
+    dependencies:
+      '@tiptap/core': 3.20.4(@tiptap/pm@3.20.4)
+      '@tiptap/extension-blockquote': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-bold': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-bullet-list': 3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-code': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-code-block': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/extension-document': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-dropcursor': 3.20.4(@tiptap/extensions@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-gapcursor': 3.20.4(@tiptap/extensions@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-hard-break': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-heading': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-horizontal-rule': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/extension-italic': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-link': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/extension-list': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/extension-list-item': 3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-list-keymap': 3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-ordered-list': 3.20.4(@tiptap/extension-list@3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4))
+      '@tiptap/extension-paragraph': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-strike': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-text': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extension-underline': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))
+      '@tiptap/extensions': 3.20.4(@tiptap/core@3.20.4(@tiptap/pm@3.20.4))(@tiptap/pm@3.20.4)
+      '@tiptap/pm': 3.20.4
+
   '@types/aria-query@5.0.4': {}
 
   '@types/connect@3.4.36':
@@ -5829,6 +6221,15 @@ snapshots:
 
   '@types/json-schema@7.0.15': {}
 
+  '@types/linkify-it@5.0.0': {}
+
+  '@types/markdown-it@14.1.2':
+    dependencies:
+      '@types/linkify-it': 5.0.0
+      '@types/mdurl': 2.0.0
+
+  '@types/mdurl@2.0.0': {}
+
   '@types/mysql@2.15.26':
     dependencies:
       '@types/node': 22.19.7
@@ -6257,6 +6658,8 @@ snapshots:
     dependencies:
       browserslist: 4.28.1
 
+  crelt@1.0.6: {}
+
   cross-spawn@7.0.6:
     dependencies:
       path-key: 3.1.1
@@ -6356,6 +6759,8 @@ snapshots:
 
   emoji-regex@9.2.2: {}
 
+  entities@4.5.0: {}
+
   entities@6.0.1: {}
 
   es-abstract@1.24.1:
@@ -7107,6 +7512,12 @@ snapshots:
 
   lines-and-columns@1.2.4: {}
 
+  linkify-it@5.0.0:
+    dependencies:
+      uc.micro: 2.1.0
+
+  linkifyjs@4.3.2: {}
+
   locate-character@3.0.0: {}
 
   locate-path@6.0.0:
@@ -7165,10 +7576,21 @@ snapshots:
     dependencies:
       semver: 7.7.3
 
+  markdown-it@14.1.1:
+    dependencies:
+      argparse: 2.0.1
+      entities: 4.5.0
+      linkify-it: 5.0.0
+      mdurl: 2.0.0
+      punycode.js: 2.3.1
+      uc.micro: 2.1.0
+
   math-intrinsics@1.1.0: {}
 
   mdn-data@2.12.2: {}
 
+  mdurl@2.0.0: {}
+
   merge2@1.4.1: {}
 
   micromatch@4.0.8:
@@ -7256,6 +7678,8 @@ snapshots:
       type-check: 0.4.0
       word-wrap: 1.2.5
 
+  orderedmap@2.1.1: {}
+
   own-keys@1.0.1:
     dependencies:
       get-intrinsic: 1.3.0
@@ -7431,8 +7855,113 @@ snapshots:
 
   progress@2.0.3: {}
 
+  prosemirror-changeset@2.4.0:
+    dependencies:
+      prosemirror-transform: 1.11.0
+
+  prosemirror-collab@1.3.1:
+    dependencies:
+      prosemirror-state: 1.4.4
+
+  prosemirror-commands@1.7.1:
+    dependencies:
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+
+  prosemirror-dropcursor@1.8.2:
+    dependencies:
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+      prosemirror-view: 1.41.7
+
+  prosemirror-gapcursor@1.4.1:
+    dependencies:
+      prosemirror-keymap: 1.2.3
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-view: 1.41.7
+
+  prosemirror-history@1.5.0:
+    dependencies:
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+      prosemirror-view: 1.41.7
+      rope-sequence: 1.3.4
+
+  prosemirror-inputrules@1.5.1:
+    dependencies:
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+
+  prosemirror-keymap@1.2.3:
+    dependencies:
+      prosemirror-state: 1.4.4
+      w3c-keyname: 2.2.8
+
+  prosemirror-markdown@1.13.4:
+    dependencies:
+      '@types/markdown-it': 14.1.2
+      markdown-it: 14.1.1
+      prosemirror-model: 1.25.4
+
+  prosemirror-menu@1.3.0:
+    dependencies:
+      crelt: 1.0.6
+      prosemirror-commands: 1.7.1
+      prosemirror-history: 1.5.0
+      prosemirror-state: 1.4.4
+
+  prosemirror-model@1.25.4:
+    dependencies:
+      orderedmap: 2.1.1
+
+  prosemirror-schema-basic@1.2.4:
+    dependencies:
+      prosemirror-model: 1.25.4
+
+  prosemirror-schema-list@1.5.1:
+    dependencies:
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+
+  prosemirror-state@1.4.4:
+    dependencies:
+      prosemirror-model: 1.25.4
+      prosemirror-transform: 1.11.0
+      prosemirror-view: 1.41.7
+
+  prosemirror-tables@1.8.5:
+    dependencies:
+      prosemirror-keymap: 1.2.3
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+      prosemirror-view: 1.41.7
+
+  prosemirror-trailing-node@3.0.0(prosemirror-model@1.25.4)(prosemirror-state@1.4.4)(prosemirror-view@1.41.7):
+    dependencies:
+      '@remirror/core-constants': 3.0.0
+      escape-string-regexp: 4.0.0
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-view: 1.41.7
+
+  prosemirror-transform@1.11.0:
+    dependencies:
+      prosemirror-model: 1.25.4
+
+  prosemirror-view@1.41.7:
+    dependencies:
+      prosemirror-model: 1.25.4
+      prosemirror-state: 1.4.4
+      prosemirror-transform: 1.11.0
+
   proxy-from-env@1.1.0: {}
 
+  punycode.js@2.3.1: {}
+
   punycode@2.3.1: {}
 
   queue-microtask@1.2.3: {}
@@ -7557,6 +8086,8 @@ snapshots:
       '@rollup/rollup-win32-x64-msvc': 4.57.0
       fsevents: 2.3.3
 
+  rope-sequence@1.3.4: {}
+
   run-parallel@1.2.0:
     dependencies:
       queue-microtask: 1.2.3
@@ -7994,6 +8525,8 @@ snapshots:
 
   typescript@5.9.3: {}
 
+  uc.micro@2.1.0: {}
+
   unbox-primitive@1.1.0:
     dependencies:
       call-bound: 1.0.4
@@ -8134,6 +8667,8 @@ snapshots:
       - supports-color
       - terser
 
+  w3c-keyname@2.2.8: {}
+
   w3c-xmlserializer@5.0.0:
     dependencies:
       xml-name-validator: 5.0.0
diff --git a/frontend/src/lib/components/molecules/FileUpload/FileUpload.svelte b/frontend/src/lib/components/molecules/FileUpload/FileUpload.svelte
new file mode 100644
index 0000000..96eb6e1
--- /dev/null
+++ b/frontend/src/lib/components/molecules/FileUpload/FileUpload.svelte
@@ -0,0 +1,276 @@
+<script lang="ts">
+	const ACCEPTED_TYPES = ['application/pdf', 'image/jpeg', 'image/png'];
+	const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10 Mo
+
+	interface UploadedFile {
+		id: string;
+		filename: string;
+		fileSize: number;
+		mimeType: string;
+	}
+
+	let {
+		existingFiles = [],
+		onUpload,
+		onDelete,
+		disabled = false
+	}: {
+		existingFiles?: UploadedFile[];
+		onUpload: (file: File) => Promise<UploadedFile>;
+		onDelete: (fileId: string) => Promise<void>;
+		disabled?: boolean;
+	} = $props();
+
+	let files = $state<UploadedFile[]>(existingFiles);
+	let pendingFiles = $state<{ name: string; size: number }[]>([]);
+	let error = $state<string | null>(null);
+	let fileInput: HTMLInputElement;
+
+	$effect(() => {
+		files = existingFiles;
+	});
+
+	function formatFileSize(bytes: number): string {
+		if (bytes < 1024) return `${bytes} o`;
+		if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} Ko`;
+		return `${(bytes / (1024 * 1024)).toFixed(1)} Mo`;
+	}
+
+	function getFileIcon(mimeType: string): string {
+		if (mimeType === 'application/pdf') return '📄';
+		if (mimeType.startsWith('image/')) return '🖼️';
+		return '📎';
+	}
+
+	function validateFile(file: File): string | null {
+		if (!ACCEPTED_TYPES.includes(file.type)) {
+			return `Type de fichier non accepté : ${file.type}. Types autorisés : PDF, JPEG, PNG.`;
+		}
+		if (file.size > MAX_FILE_SIZE) {
+			return `Le fichier dépasse la taille maximale de 10 Mo (${formatFileSize(file.size)}).`;
+		}
+		return null;
+	}
+
+	async function handleFileSelect(event: Event) {
+		const input = event.target as HTMLInputElement;
+		const selectedFiles = input.files;
+		if (!selectedFiles || selectedFiles.length === 0) return;
+
+		error = null;
+
+		for (const file of selectedFiles) {
+			const validationError = validateFile(file);
+			if (validationError) {
+				error = validationError;
+				continue;
+			}
+
+			pendingFiles = [...pendingFiles, { name: file.name, size: file.size }];
+
+			try {
+				const uploaded = await onUpload(file);
+				files = [...files, uploaded];
+			} catch {
+				error = `Erreur lors de l'envoi de "${file.name}".`;
+			} finally {
+				pendingFiles = pendingFiles.filter((p) => p.name !== file.name);
+			}
+		}
+
+		input.value = '';
+	}
+
+	async function handleDelete(fileId: string) {
+		error = null;
+
+		try {
+			await onDelete(fileId);
+			files = files.filter((f) => f.id !== fileId);
+		} catch {
+			error = 'Erreur lors de la suppression du fichier.';
+		}
+	}
+</script>
+
+<div class="file-upload" class:disabled>
+	{#if error}
+		<p class="upload-error" role="alert">{error}</p>
+	{/if}
+
+	{#if files.length > 0 || pendingFiles.length > 0}
+		<ul class="file-list">
+			{#each files as file}
+				<li class="file-item">
+					<span class="file-icon">{getFileIcon(file.mimeType)}</span>
+					<span class="file-name">{file.filename}</span>
+					<span class="file-size">{formatFileSize(file.fileSize)}</span>
+					{#if !disabled}
+						<button
+							type="button"
+							class="file-remove"
+							onclick={() => handleDelete(file.id)}
+							title="Supprimer {file.filename}"
+							aria-label="Supprimer {file.filename}"
+						>
+							✕
+						</button>
+					{/if}
+				</li>
+			{/each}
+			{#each pendingFiles as pending}
+				<li class="file-item file-pending">
+					<span class="file-icon">⏳</span>
+					<span class="file-name">{pending.name}</span>
+					<span class="file-size">{formatFileSize(pending.size)}</span>
+					<span class="file-uploading">Envoi...</span>
+				</li>
+			{/each}
+		</ul>
+	{/if}
+
+	{#if !disabled}
+		<button type="button" class="upload-btn" onclick={() => fileInput.click()}>
+			<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" aria-hidden="true">
+				<path d="M21.44 11.05l-9.19 9.19a6 6 0 01-8.49-8.49l9.19-9.19a4 4 0 015.66 5.66l-9.2 9.19a2 2 0 01-2.83-2.83l8.49-8.48" />
+			</svg>
+			Ajouter un fichier
+		</button>
+		<input
+			bind:this={fileInput}
+			type="file"
+			accept=".pdf,.jpg,.jpeg,.png"
+			onchange={handleFileSelect}
+			class="file-input-hidden"
+			aria-hidden="true"
+			tabindex="-1"
+		/>
+		<p class="upload-hint">PDF, JPEG ou PNG — 10 Mo max par fichier</p>
+	{/if}
+</div>
+
+<style>
+	.file-upload {
+		display: flex;
+		flex-direction: column;
+		gap: 0.5rem;
+	}
+
+	.file-upload.disabled {
+		opacity: 0.6;
+	}
+
+	.upload-error {
+		margin: 0;
+		padding: 0.5rem 0.75rem;
+		background: #fee2e2;
+		border-radius: 0.375rem;
+		color: #991b1b;
+		font-size: 0.8125rem;
+	}
+
+	.file-list {
+		list-style: none;
+		margin: 0;
+		padding: 0;
+		display: flex;
+		flex-direction: column;
+		gap: 0.375rem;
+	}
+
+	.file-item {
+		display: flex;
+		align-items: center;
+		gap: 0.5rem;
+		padding: 0.5rem 0.75rem;
+		background: #f9fafb;
+		border: 1px solid #e5e7eb;
+		border-radius: 0.375rem;
+		font-size: 0.875rem;
+	}
+
+	.file-pending {
+		opacity: 0.6;
+	}
+
+	.file-icon {
+		flex-shrink: 0;
+	}
+
+	.file-name {
+		flex: 1;
+		color: #374151;
+		font-weight: 500;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		white-space: nowrap;
+	}
+
+	.file-size {
+		color: #9ca3af;
+		font-size: 0.75rem;
+		flex-shrink: 0;
+	}
+
+	.file-uploading {
+		color: #3b82f6;
+		font-size: 0.75rem;
+		flex-shrink: 0;
+	}
+
+	.file-remove {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		width: 1.5rem;
+		height: 1.5rem;
+		border: none;
+		border-radius: 50%;
+		background: #e5e7eb;
+		color: #6b7280;
+		font-size: 0.625rem;
+		cursor: pointer;
+		flex-shrink: 0;
+		transition: background-color 0.15s;
+	}
+
+	.file-remove:hover {
+		background: #fecaca;
+		color: #dc2626;
+	}
+
+	.upload-btn {
+		display: inline-flex;
+		align-items: center;
+		gap: 0.375rem;
+		padding: 0.5rem 0.75rem;
+		border: 1px dashed #d1d5db;
+		border-radius: 0.375rem;
+		background: white;
+		color: #374151;
+		font-size: 0.875rem;
+		cursor: pointer;
+		transition: border-color 0.15s, background-color 0.15s;
+		align-self: flex-start;
+	}
+
+	.upload-btn:hover {
+		border-color: #3b82f6;
+		background: #eff6ff;
+		color: #2563eb;
+	}
+
+	.file-input-hidden {
+		position: absolute;
+		width: 0;
+		height: 0;
+		overflow: hidden;
+		opacity: 0;
+	}
+
+	.upload-hint {
+		margin: 0;
+		font-size: 0.75rem;
+		color: #9ca3af;
+	}
+</style>
diff --git a/frontend/src/lib/components/molecules/RichTextEditor/RichTextEditor.svelte b/frontend/src/lib/components/molecules/RichTextEditor/RichTextEditor.svelte
new file mode 100644
index 0000000..54eeacb
--- /dev/null
+++ b/frontend/src/lib/components/molecules/RichTextEditor/RichTextEditor.svelte
@@ -0,0 +1,300 @@
+<script lang="ts">
+	import { onMount } from 'svelte';
+	import type { Editor as EditorType } from '@tiptap/core';
+
+	let {
+		content = '',
+		onUpdate,
+		placeholder = 'Saisissez votre texte...',
+		disabled = false
+	}: {
+		content?: string;
+		onUpdate: (html: string) => void;
+		placeholder?: string;
+		disabled?: boolean;
+	} = $props();
+
+	let editorElement: HTMLDivElement;
+	let editor: EditorType | null = $state(null);
+
+	onMount(() => {
+		initEditor();
+
+		return () => {
+			editor?.destroy();
+		};
+	});
+
+	async function initEditor() {
+		const [{ Editor }, { default: StarterKit }, { default: Link }] = await Promise.all([
+			import('@tiptap/core'),
+			import('@tiptap/starter-kit'),
+			import('@tiptap/extension-link')
+		]);
+
+		editor = new Editor({
+			element: editorElement,
+			extensions: [
+				StarterKit.configure({
+					heading: false,
+					codeBlock: false,
+					blockquote: false,
+					horizontalRule: false,
+					code: false
+				}),
+				Link.configure({
+					openOnClick: false,
+					HTMLAttributes: {
+						rel: 'noopener noreferrer nofollow',
+						target: '_blank'
+					}
+				})
+			],
+			content,
+			editable: !disabled,
+			onUpdate: ({ editor: e }) => {
+				const html = e.isEmpty ? '' : e.getHTML();
+				onUpdate(html);
+			},
+			editorProps: {
+				attributes: {
+					class: 'rich-text-content',
+					'aria-label': placeholder,
+					role: 'textbox',
+					'aria-multiline': 'true'
+				}
+			}
+		});
+	}
+
+	$effect(() => {
+		if (editor && disabled !== undefined) {
+			editor.setEditable(!disabled);
+		}
+	});
+
+	function toggleBold() {
+		editor?.chain().focus().toggleBold().run();
+	}
+
+	function toggleItalic() {
+		editor?.chain().focus().toggleItalic().run();
+	}
+
+	function toggleBulletList() {
+		editor?.chain().focus().toggleBulletList().run();
+	}
+
+	function toggleOrderedList() {
+		editor?.chain().focus().toggleOrderedList().run();
+	}
+
+	function toggleLink() {
+		if (!editor) return;
+
+		if (editor.isActive('link')) {
+			editor.chain().focus().unsetLink().run();
+			return;
+		}
+
+		const url = window.prompt('URL du lien :');
+		if (url) {
+			editor.chain().focus().setLink({ href: url }).run();
+		}
+	}
+</script>
+
+<div class="rich-text-editor" class:disabled>
+	{#if editor && !disabled}
+		<div class="toolbar" role="toolbar" aria-label="Formatage du texte">
+			<button
+				type="button"
+				class="toolbar-btn"
+				class:active={editor.isActive('bold')}
+				onclick={toggleBold}
+				title="Gras"
+				aria-label="Gras"
+				aria-pressed={editor.isActive('bold')}
+			>
+				<strong>G</strong>
+			</button>
+			<button
+				type="button"
+				class="toolbar-btn"
+				class:active={editor.isActive('italic')}
+				onclick={toggleItalic}
+				title="Italique"
+				aria-label="Italique"
+				aria-pressed={editor.isActive('italic')}
+			>
+				<em>I</em>
+			</button>
+			<span class="toolbar-separator" aria-hidden="true"></span>
+			<button
+				type="button"
+				class="toolbar-btn"
+				class:active={editor.isActive('bulletList')}
+				onclick={toggleBulletList}
+				title="Liste à puces"
+				aria-label="Liste à puces"
+				aria-pressed={editor.isActive('bulletList')}
+			>
+				<svg viewBox="0 0 20 20" fill="currentColor" width="16" height="16" aria-hidden="true">
+					<path
+						fill-rule="evenodd"
+						d="M3 4a1 1 0 100 2 1 1 0 000-2zm4 0a1 1 0 000 2h10a1 1 0 100-2H7zm0 5a1 1 0 000 2h10a1 1 0 100-2H7zm0 5a1 1 0 000 2h10a1 1 0 100-2H7zM3 9a1 1 0 100 2 1 1 0 000-2zm0 5a1 1 0 100 2 1 1 0 000-2z"
+						clip-rule="evenodd"
+					/>
+				</svg>
+			</button>
+			<button
+				type="button"
+				class="toolbar-btn"
+				class:active={editor.isActive('orderedList')}
+				onclick={toggleOrderedList}
+				title="Liste numérotée"
+				aria-label="Liste numérotée"
+				aria-pressed={editor.isActive('orderedList')}
+			>
+				<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="16" height="16" aria-hidden="true">
+					<line x1="10" y1="6" x2="21" y2="6" />
+					<line x1="10" y1="12" x2="21" y2="12" />
+					<line x1="10" y1="18" x2="21" y2="18" />
+					<text x="4" y="7.5" font-size="7" font-weight="700" fill="currentColor" stroke="none" text-anchor="middle">1</text>
+					<text x="4" y="13.5" font-size="7" font-weight="700" fill="currentColor" stroke="none" text-anchor="middle">2</text>
+					<text x="4" y="19.5" font-size="7" font-weight="700" fill="currentColor" stroke="none" text-anchor="middle">3</text>
+				</svg>
+			</button>
+			<span class="toolbar-separator" aria-hidden="true"></span>
+			<button
+				type="button"
+				class="toolbar-btn"
+				class:active={editor.isActive('link')}
+				onclick={toggleLink}
+				title="Lien"
+				aria-label="Lien"
+				aria-pressed={editor.isActive('link')}
+			>
+				<svg viewBox="0 0 20 20" fill="currentColor" width="16" height="16" aria-hidden="true">
+					<path
+						d="M12.586 4.586a2 2 0 112.828 2.828l-3 3a2 2 0 01-2.828 0 1 1 0 00-1.414 1.414 4 4 0 005.656 0l3-3a4 4 0 00-5.656-5.656l-1.5 1.5a1 1 0 101.414 1.414l1.5-1.5zm-5 5a2 2 0 012.828 0 1 1 0 101.414-1.414 4 4 0 00-5.656 0l-3 3a4 4 0 105.656 5.656l1.5-1.5a1 1 0 10-1.414-1.414l-1.5 1.5a2 2 0 11-2.828-2.828l3-3z"
+					/>
+				</svg>
+			</button>
+		</div>
+	{/if}
+	<div bind:this={editorElement} class="editor-container"></div>
+</div>
+
+<style>
+	.rich-text-editor {
+		border: 1px solid #d1d5db;
+		border-radius: 0.375rem;
+		overflow: hidden;
+		transition: border-color 0.15s, box-shadow 0.15s;
+	}
+
+	.rich-text-editor:focus-within {
+		border-color: #3b82f6;
+		box-shadow: 0 0 0 3px rgba(59, 130, 246, 0.1);
+	}
+
+	.rich-text-editor.disabled {
+		opacity: 0.6;
+		background: #f9fafb;
+	}
+
+	.toolbar {
+		display: flex;
+		align-items: center;
+		gap: 0.125rem;
+		padding: 0.375rem;
+		border-bottom: 1px solid #e5e7eb;
+		background: #f9fafb;
+	}
+
+	.toolbar-btn {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		width: 2rem;
+		height: 2rem;
+		border: none;
+		border-radius: 0.25rem;
+		background: transparent;
+		color: #374151;
+		font-size: 0.875rem;
+		cursor: pointer;
+		transition: background-color 0.15s, color 0.15s;
+	}
+
+	.toolbar-btn:hover {
+		background: #e5e7eb;
+	}
+
+	.toolbar-btn.active {
+		background: #dbeafe;
+		color: #2563eb;
+	}
+
+	.toolbar-separator {
+		width: 1px;
+		height: 1.25rem;
+		background: #d1d5db;
+		margin: 0 0.25rem;
+	}
+
+	.editor-container {
+		min-height: 8rem;
+	}
+
+	.editor-container :global(.rich-text-content) {
+		padding: 0.75rem;
+		min-height: 8rem;
+		outline: none;
+		font-size: 0.875rem;
+		line-height: 1.5;
+		color: #374151;
+	}
+
+	.editor-container :global(.rich-text-content p) {
+		margin: 0 0 0.5rem;
+	}
+
+	.editor-container :global(.rich-text-content p:last-child) {
+		margin-bottom: 0;
+	}
+
+	.editor-container :global(.rich-text-content ul) {
+		list-style-type: disc;
+		padding-left: 1.5rem;
+		margin: 0 0 0.5rem;
+	}
+
+	.editor-container :global(.rich-text-content ol) {
+		list-style-type: decimal;
+		padding-left: 1.5rem;
+		margin: 0 0 0.5rem;
+	}
+
+	.editor-container :global(.rich-text-content li) {
+		margin-bottom: 0.25rem;
+	}
+
+	.editor-container :global(.rich-text-content a) {
+		color: #2563eb;
+		text-decoration: underline;
+	}
+
+	.editor-container :global(.rich-text-content strong) {
+		font-weight: 600;
+	}
+
+	.editor-container :global(.rich-text-content .is-empty::before) {
+		content: attr(data-placeholder);
+		color: #9ca3af;
+		pointer-events: none;
+		float: left;
+		height: 0;
+	}
+</style>
diff --git a/frontend/src/lib/components/organisms/StudentHomework/HomeworkDetail.svelte b/frontend/src/lib/components/organisms/StudentHomework/HomeworkDetail.svelte
index 3a0e3f1..04cc364 100644
--- a/frontend/src/lib/components/organisms/StudentHomework/HomeworkDetail.svelte
+++ b/frontend/src/lib/components/organisms/StudentHomework/HomeworkDetail.svelte
@@ -93,7 +93,7 @@
 	{#if detail.description}
 		<section class="detail-description">
 			<h3>Description</h3>
-			<p>{detail.description}</p>
+			<div class="description-content">{@html detail.description}</div>
 		</section>
 	{/if}
 
@@ -183,11 +183,34 @@
 		color: #374151;
 	}
 
-	.detail-description p {
-		margin: 0;
+	.detail-description :global(.description-content) {
 		color: #4b5563;
 		line-height: 1.6;
-		white-space: pre-wrap;
+	}
+
+	.detail-description :global(.description-content p) {
+		margin: 0 0 0.5rem;
+	}
+
+	.detail-description :global(.description-content p:last-child) {
+		margin-bottom: 0;
+	}
+
+	.detail-description :global(.description-content ul) {
+		list-style-type: disc;
+		padding-left: 1.5rem;
+		margin: 0 0 0.5rem;
+	}
+
+	.detail-description :global(.description-content ol) {
+		list-style-type: decimal;
+		padding-left: 1.5rem;
+		margin: 0 0 0.5rem;
+	}
+
+	.detail-description :global(.description-content a) {
+		color: #2563eb;
+		text-decoration: underline;
 	}
 
 	.download-error {
diff --git a/frontend/src/routes/dashboard/teacher/homework/+page.svelte b/frontend/src/routes/dashboard/teacher/homework/+page.svelte
index 870f3d5..2e23a06 100644
--- a/frontend/src/routes/dashboard/teacher/homework/+page.svelte
+++ b/frontend/src/routes/dashboard/teacher/homework/+page.svelte
@@ -6,6 +6,8 @@
 	import Pagination from '$lib/components/molecules/Pagination/Pagination.svelte';
 	import ExceptionRequestModal from '$lib/components/molecules/ExceptionRequestModal/ExceptionRequestModal.svelte';
 	import RuleBlockedModal from '$lib/components/molecules/RuleBlockedModal/RuleBlockedModal.svelte';
+	import FileUpload from '$lib/components/molecules/FileUpload/FileUpload.svelte';
+	import RichTextEditor from '$lib/components/molecules/RichTextEditor/RichTextEditor.svelte';
 	import SearchInput from '$lib/components/molecules/SearchInput/SearchInput.svelte';
 	import { untrack } from 'svelte';
 
@@ -28,6 +30,13 @@
 		updatedAt: string;
 	}
 
+	interface HomeworkAttachmentFile {
+		id: string;
+		filename: string;
+		fileSize: number;
+		mimeType: string;
+	}
+
 	interface RuleWarning {
 		ruleType: string;
 		message: string;
@@ -75,6 +84,10 @@
 	let newDescription = $state('');
 	let newDueDate = $state('');
 	let isSubmitting = $state(false);
+	let newPendingFiles = $state<File[]>([]);
+
+	// Attachments
+	let editAttachments = $state<HomeworkAttachmentFile[]>([]);
 
 	// Edit modal
 	let showEditModal = $state(false);
@@ -321,6 +334,7 @@
 		newTitle = '';
 		newDescription = '';
 		newDueDate = '';
+		newPendingFiles = [];
 		ruleConformMinDate = '';
 		dueDateError = null;
 	}
@@ -382,6 +396,22 @@
 				throw new Error(msg);
 			}
 
+			// Upload pending files if any
+			if (newPendingFiles.length > 0) {
+				const created = await response.json().catch(() => null);
+				const homeworkId = created?.id;
+				if (homeworkId) {
+					for (const file of newPendingFiles) {
+						try {
+							await uploadAttachment(homeworkId, file);
+						} catch {
+							// Best effort — file upload failure doesn't block creation
+						}
+					}
+				}
+				newPendingFiles = [];
+			}
+
 			closeCreateModal();
 			showRuleWarningModal = false;
 			ruleWarnings = [];
@@ -525,18 +555,63 @@
 		showCreateModal = true;
 	}
 
+	// --- Attachments ---
+	async function uploadAttachment(homeworkId: string, file: File): Promise<HomeworkAttachmentFile> {
+		const apiUrl = getApiBaseUrl();
+		const formData = new window.FormData();
+		formData.append('file', file);
+
+		const response = await authenticatedFetch(`${apiUrl}/homework/${homeworkId}/attachments`, {
+			method: 'POST',
+			body: formData,
+		});
+
+		if (!response.ok) {
+			const errorData = await response.json().catch(() => null);
+			throw new Error(errorData?.detail ?? 'Erreur lors de l\'envoi du fichier.');
+		}
+
+		return response.json() as Promise<HomeworkAttachmentFile>;
+	}
+
+	async function deleteAttachment(homeworkId: string, attachmentId: string): Promise<void> {
+		const apiUrl = getApiBaseUrl();
+		const response = await authenticatedFetch(`${apiUrl}/homework/${homeworkId}/attachments/${attachmentId}`, {
+			method: 'DELETE',
+		});
+
+		if (!response.ok) {
+			throw new Error('Erreur lors de la suppression du fichier.');
+		}
+	}
+
+	async function fetchAttachments(homeworkId: string): Promise<HomeworkAttachmentFile[]> {
+		const apiUrl = getApiBaseUrl();
+		const response = await authenticatedFetch(`${apiUrl}/homework/${homeworkId}/attachments`);
+
+		if (!response.ok) return [];
+
+		const data = await response.json();
+		return (data as HomeworkAttachmentFile[]) ?? [];
+	}
+
 	// --- Edit ---
-	function openEditModal(hw: Homework) {
+	async function openEditModal(hw: Homework) {
 		editHomework = hw;
 		editTitle = hw.title;
 		editDescription = hw.description ?? '';
 		editDueDate = hw.dueDate;
+		editAttachments = [];
 		showEditModal = true;
+
+		// Charger les pièces jointes existantes en arrière-plan
+		editAttachments = await fetchAttachments(hw.id);
 	}
 
 	function closeEditModal() {
 		showEditModal = false;
 		editHomework = null;
+		editAttachments = [];
 	}
 
 	async function handleUpdate() {
@@ -811,7 +886,7 @@
 					</div>
 
 					{#if hw.description}
-						<p class="homework-description">{hw.description}</p>
+						<div class="homework-description">{@html hw.description}</div>
 					{/if}
 
 					{#if hw.status === 'published'}
@@ -901,13 +976,13 @@
 				</div>
 
 				<div class="form-group">
-					<label for="hw-description">Description</label>
-					<textarea
-						id="hw-description"
-						bind:value={newDescription}
+					<label>Description</label>
+					<RichTextEditor
+						content={newDescription}
+						onUpdate={(html) => (newDescription = html)}
 						placeholder="Consignes, pages à lire, liens utiles..."
-						rows="4"
-					></textarea>
+						disabled={isSubmitting}
+					/>
 				</div>
 
 				<div class="form-group">
@@ -931,6 +1006,27 @@
 					{/if}
 				</div>
 
+				<div class="form-group">
+					<label>Pièces jointes</label>
+					<FileUpload
+						existingFiles={[]}
+						onUpload={async (file) => {
+							newPendingFiles = [...newPendingFiles, file];
+							const pendingId = `pending-${file.name}-${file.size}`;
+							return { id: pendingId, filename: file.name, fileSize: file.size, mimeType: file.type };
+						}}
+						onDelete={async (fileId) => {
+							newPendingFiles = newPendingFiles.filter(
+								(f) => `pending-${f.name}-${f.size}` !== fileId
+							);
+						}}
+						disabled={isSubmitting}
+					/>
+					{#if newPendingFiles.length > 0}
+						<small class="form-hint">Les fichiers seront envoyés après la création du devoir.</small>
+					{/if}
+				</div>
+
 				<div class="modal-actions">
 					<button type="button" class="btn-secondary" onclick={closeCreateModal} disabled={isSubmitting}>
 						Annuler
@@ -997,13 +1093,13 @@
 				</div>
 
 				<div class="form-group">
-					<label for="edit-description">Description</label>
-					<textarea
-						id="edit-description"
-						bind:value={editDescription}
+					<label>Description</label>
+					<RichTextEditor
+						content={editDescription}
+						onUpdate={(html) => (editDescription = html)}
 						placeholder="Consignes, pages à lire, liens utiles..."
-						rows="4"
-					></textarea>
+						disabled={isUpdating}
+					/>
 				</div>
 
 				<div class="form-group">
@@ -1011,6 +1107,18 @@
 					<input type="date" id="edit-due-date" bind:value={editDueDate} required min={minDueDate} />
 				</div>
 
+				{#if editHomework}
+					<div class="form-group">
+						<label>Pièces jointes</label>
+						<FileUpload
+							existingFiles={editAttachments}
+							onUpload={(file) => uploadAttachment(editHomework!.id, file)}
+							onDelete={(attachmentId) => deleteAttachment(editHomework!.id, attachmentId)}
+							disabled={isUpdating}
+						/>
+					</div>
+				{/if}
+
 				<div class="modal-actions">
 					<button type="button" class="btn-secondary" onclick={closeEditModal} disabled={isUpdating}>
 						Annuler
@@ -1553,7 +1661,16 @@
 		font-size: 0.875rem;
 		color: #4b5563;
 		line-height: 1.5;
-		white-space: pre-line;
+	}
+
+	.homework-description :global(ul) {
+		list-style-type: disc;
+		padding-left: 1.5rem;
+	}
+
+	.homework-description :global(ol) {
+		list-style-type: decimal;
+		padding-left: 1.5rem;
 	}
 
 	.homework-actions {