- Fixed high-severity XSS and JS injection vulnerabilities by safely escaping IDs and user input using `json.dumps` and HTML entity encoding.
- Prevented potential DoS crashes caused by curly braces in LLM output by replacing `.format()` with safe string replacement.
- Refactored language resolution into a `_resolve_language` helper method, implementing base language fallback (e.g., `fr-BE` -> `fr-FR`).
- Refactored date formatting to use a cleaner, dictionary-based approach.
- Consolidated i18n logic into a single file with robust fallback handling.
- Verified all changes with comprehensive unit and security tests.

Co-authored-by: Fu-Jie <33599649+Fu-Jie@users.noreply.github.com>
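As an added example (not code from this commit or the project), the three fixes the message lists, in Python: base-language fallback in `_resolve_language`, the `.format()` crash on braces in model output beside the replace-based substitution that avoids it, and `json.dumps` escaping for a JS-string context. The translation catalogue, key names and template wording are assumptions made for the demo.

```python
import json

# Constructed translation catalogue; the project's real catalogue, keys and
# template wording are assumptions for this demo.
TRANSLATIONS = {
    "en-US": {"title": "Summary for {id}: "},
    "fr-FR": {"title": "Résumé pour {id} : "},
}
DEFAULT_LANGUAGE = "en-US"


def _resolve_language(lang: str) -> str:
    """Exact match, then base-language fallback (fr-BE -> fr-FR), then default."""
    if lang in TRANSLATIONS:
        return lang
    base = lang.split("-")[0].lower()
    for candidate in TRANSLATIONS:
        if candidate.split("-")[0].lower() == base:
            return candidate
    return DEFAULT_LANGUAGE


def render_unsafe(lang: str, doc_id: str, llm_text: str) -> str:
    """Old pattern: str.format runs over a string that already contains
    model output, so a stray '{' or '{name}' in that output raises."""
    template = TRANSLATIONS[_resolve_language(lang)]["title"] + llm_text
    return template.format(id=doc_id)


def render_safe(lang: str, doc_id: str, llm_text: str) -> str:
    """Fixed pattern: substitute only the known placeholder in the template,
    then append the untrusted text without ever parsing its braces."""
    template = TRANSLATIONS[_resolve_language(lang)]["title"]
    return template.replace("{id}", doc_id) + llm_text


def format_crashes(lang: str, doc_id: str, llm_text: str) -> bool:
    """True if the old pattern raises on this input (KeyError for '{x}',
    ValueError for an unmatched brace, IndexError for '{}')."""
    try:
        render_unsafe(lang, doc_id, llm_text)
    except (KeyError, ValueError, IndexError):
        return True
    return False


def js_string_literal(value: str) -> str:
    """Embed untrusted text in an inline <script> as a JS string literal:
    json.dumps escapes quotes, backslashes and newlines; escaping '<' and
    '>' keeps a literal '</script>' from ending the script block early."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
```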
88 KiB