From 2d8448cc43ba8f23aafcfea3def329e5429aba2c Mon Sep 17 00:00:00 2001
From: Richard Leek <richard@richardleek.com>
Date: Tue, 14 Apr 2026 08:46:34 -0400
Subject: [PATCH] Fix chat sanitizer

---
 src/ui/chat/chat.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/ui/chat/chat.ts b/src/ui/chat/chat.ts
index 487c548f..ae74683c 100644
--- a/src/ui/chat/chat.ts
+++ b/src/ui/chat/chat.ts
@@ -240,7 +240,17 @@ export class Chat extends Base {
   }
 
   private sanitize(input: string): string {
-    const sanitized = input.replace(/</g, '&lt;').replace(/>/g, '&gt;').trim();
+    const map = {
+      '&': '&amp;',
+      '<': '&lt;',
+      '>': '&gt;',
+      '"': '&quot;',
+      "'": '&#x27;',
+      '/': '&#x2F;',
+    };
+    const sanitized = input
+      .replace(/[&<>"'/]/g, (char) => map[char as keyof typeof map])
+      .trim();
     return sanitized;
   }