feat: add HTML escaping to Panel

2026-01-14 15:15:51 +08:00
parent 1751ba325d
commit 38caae5e23
2 changed files with 85 additions and 4 deletions
--- a/packages/ui/src/utils.ts
+++ b/packages/ui/src/utils.ts
@@ -4,3 +4,15 @@ export function truncate(text: string, maxLength: number): string {
 	}
 	return text
 }
+
+/**
+ * Escape HTML special characters to prevent XSS and rendering issues
+ */
+export function escapeHtml(text: string): string {
+	return text
+		.replace(/&/g, '&amp;')
+		.replace(/</g, '&lt;')
+		.replace(/>/g, '&gt;')
+		.replace(/"/g, '&quot;')
+		.replace(/'/g, '&#039;')
+}