From 230ea8606903a89e89d2f4ea5d0025ac2fa9edc3 Mon Sep 17 00:00:00 2001
From: Jaynel Patiarba
Date: Wed, 24 Jun 2026 20:58:38 +0800
Subject: [PATCH] fix(security): add rehype-sanitize to prevent stored XSS in chat messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The chat markdown renderer used rehype-raw to parse inline HTML in messages but had no sanitizer. An attacker could inject an