jared
d4f159ee7c
Lint / Python (flake8) (push) Successful in 44s
Lint / JS (eslint) (push) Successful in 8s
Security / Python Security (bandit) (push) Successful in 42s
Test / Python Tests (pytest) (push) Successful in 1m7s
Lint / Notify on failure (push) Has been skipped
Lint / Deploy (push) Successful in 3s
ticket_id was already escaped in the href attribute but the visible text (#<id>) used the raw value in an innerHTML template literal. Apply lt.escHtml() for defense-in-depth against a compromised ticket API. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>