From 591954891a5cd254da3d43263394cb1fb290ba0a Mon Sep 17 00:00:00 2001
From: Kimi Agent
Date: Sat, 14 Mar 2026 15:06:31 -0400
Subject: [PATCH] fix: sanitize dynamic innerHTML in templates (#47)

---
 src/dashboard/templates/base.html | 6 +++++-
 src/dashboard/templates/partials/agent_panel_chat.html | 9 ++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/dashboard/templates/base.html b/src/dashboard/templates/base.html
index 3ce1ee4..70800be 100644
--- a/src/dashboard/templates/base.html
+++ b/src/dashboard/templates/base.html
@@ -327,7 +327,11 @@
 .then(function(data) {
 var list = document.getElementById('notif-list');
 if (!data.length) {
- list.innerHTML = '
No recent notifications
';
+ list.innerHTML = '';
+ var emptyDiv = document.createElement('div');
+ emptyDiv.className = 'mc-notif-empty';
+ emptyDiv.textContent = 'No recent notifications';
+ list.appendChild(emptyDiv);
 return;
 }
 list.innerHTML = '';
diff --git a/src/dashboard/templates/partials/agent_panel_chat.html b/src/dashboard/templates/partials/agent_panel_chat.html
index 821e64a..055b678 100644
--- a/src/dashboard/templates/partials/agent_panel_chat.html
+++ b/src/dashboard/templates/partials/agent_panel_chat.html
@@ -120,14 +120,17 @@
 function updateFromData(data) {
 if (data.is_working && data.current_task) {
- statusEl.innerHTML = 'working...';
+ statusEl.textContent = 'working...';
+ statusEl.style.color = '#ffaa00';
 banner.style.display = 'block';
 taskTitle.textContent = data.current_task.title;
 } else if (data.tasks_ahead > 0) {
- statusEl.innerHTML = 'queue: ' + data.tasks_ahead + ' ahead';
+ statusEl.textContent = 'queue: ' + data.tasks_ahead + ' ahead';
+ statusEl.style.color = '#888';
 banner.style.display = 'none';
 } else {
- statusEl.innerHTML = 'ready';
+ statusEl.textContent = 'ready';
+ statusEl.style.color = '#00ff88';
 banner.style.display = 'none';
 }
 }
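Review bot: The guard `if (!data.length)` at the top of the hunk treats any non-array response as "no notifications", so a JSON error object returned by the endpoint (which has no `length`) would silently render the empty-state div instead of surfacing the failure; check the shape first, `if (!Array.isArray(data) || data.length === 0) {`. The new element-building path is correct, and the `list.innerHTML = '';` that precedes it could be folded into `list.replaceChildren(emptyDiv);`, though that assumes a newer browser baseline than the ES5 style of this file suggests. The loop that renders the non-empty case begins after this hunk, so whether notification fields are also written via `textContent` cannot be confirmed from what is shown; the enclosing `.then` callback continues outside the hunk.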
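Review bot: In `updateFromData` the three branches now repeat the same `statusEl.textContent` / `statusEl.style.color` pair with inline hex colors, which is the kind of duplication that drifts when the next status is added (one branch reverting to `innerHTML`, another forgetting the color); a small helper keeps the text-only write path in one place, and the colors would sit better as CSS classes than inline styles. Interpolating `data.tasks_ahead` through `textContent` is the right call here. The hunk header counts one more old line than is visible, so the end of `updateFromData` may lie just past what is shown.
```javascript
// Single write path for the status label: plain text only, never markup.
function setStatus(text, color) {
    statusEl.textContent = text;
    statusEl.style.color = color;
}

function updateFromData(data) {
    if (data.is_working && data.current_task) {
        setStatus('working...', '#ffaa00');
        // … unchanged: banner and taskTitle updates …
    } else if (data.tasks_ahead > 0) {
        setStatus('queue: ' + data.tasks_ahead + ' ahead', '#888');
        // … unchanged: banner update …
    } else {
        setStatus('ready', '#00ff88');
        // … unchanged: banner update …
    }
}
```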