Potential fix for code scanning alert no. 9: DOM text reinterpreted as HTML

NikhilGangaram · github-advanced-security[bot] · web-flow · commit d010a3019d87 · 2025-09-27T15:40:12.000-04:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/src/components/chat/chat-message.tsx b/src/components/chat/chat-message.tsx
@@ -15,7 +15,7 @@ interface ChatMessageProps {
 }
 
 const md = new MarkdownIt({
-  html: true,
+  html: false, // Disables raw HTML in source markdown for XSS protection
   linkify: true,
   typographer: true,
   breaks: true,

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ interface ChatMessageProps {`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`const md = new MarkdownIt({`
`18`		`- html: true,`
	`18`	`+ html: false, // Disables raw HTML in source markdown for XSS protection`
`19`	`19`	`linkify: true,`
`20`	`20`	`typographer: true,`
`21`	`21`	`breaks: true,`