🔒 Fix XSS in file list rendering

[praxstack]

• Improved escapeHtml to include quote escaping.
• Used escapeHtml for all filename and fileId interpolations in public/index.html.
• Refactored event handlers to use data- attributes and this.dataset for safe parameter passing.
• Used CSS.escape for safe attribute selection in querySelector.
• Added safety checks for DOM element existence.
• Fixed a duplicate saveComment function.

📋 Description

Brief description of the changes in this PR.

🔗 Related Issue

Fixes #(issue number)

🔄 Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📝 Documentation update
• ♻️ Refactoring (no functional changes)
• 🔒 Security fix

📸 Screenshots (if applicable)

Add screenshots to help explain your changes.

✅ Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

📝 Additional Notes

Any additional information reviewers should know.

[coderabbitai]

Warning

Rate limit exceeded

@praxstack has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 25 minutes and 33 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 813dc5af-5ba7-4212-98eb-d4bbf962a005

📥 Commits

Reviewing files that changed from the base of the PR and between 15d213d and ead3589.

📒 Files selected for processing (1)

• public/index.html

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch security-fix-xss-file-list-15251003085443209913

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}