koko210Serve 191a368258 fix: prevent XSS in addChatMessage by using textContent for user input ...

- Escape sender name via escapeHtml in innerHTML template
- Set message content via textContent instead of innerHTML injection
- Prevents HTML/script injection from user input or LLM responses

2026-02-28 23:32:28 +02:00

225 KiB

Raw Blame History

View Raw