From 2727d3cd32accd58d05afbbd035060a53c077d6d Mon Sep 17 00:00:00 2001 From: keboss-m <85340750+keboss-m@users.noreply.github.com> Date: Mon, 1 Jun 2026 18:33:13 +0300 Subject: [PATCH] Fix XSS fallback when DOMPurify is unavailable in chat markdown renderer. Co-authored-by: Cursor --- backend/static/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/static/app.js b/backend/static/app.js index ebfa5fa..3a5fe1a 100644 --- a/backend/static/app.js +++ b/backend/static/app.js @@ -454,7 +454,7 @@ class TranscriptionApp { if (typeof DOMPurify !== 'undefined') { return DOMPurify.sanitize(html); } - return html; + return this.escapeHtml(text); } formatBytes(bytes) {