code security

src/components/AIQueryInterface.astro

@@ -88,6 +88,12 @@ const domainAgnosticSoftware = data['domain-agnostic-software'] || []; // Add th
 </section>
 
 <script define:vars={{ tools, phases, domainAgnosticSoftware }}> 
+function sanitizeHTML(html) {
+  const div = document.createElement('div');
+  div.textContent = html;
+  return div.innerHTML;
+}
+
 document.addEventListener('DOMContentLoaded', () => {
   const aiInterface = document.getElementById('ai-interface');
   const aiInput = document.getElementById('ai-query-input');
@@ -422,8 +428,11 @@ document.addEventListener('DOMContentLoaded', () => {
         ` : ''}
       </div>
     `;
-
-    aiResults.innerHTML = resultsHTML;
+    aiResults.innerHTML = ''; // Clear previous results first
+    const tempDiv = document.createElement('div');
+    tempDiv.innerHTML = resultsHTML;
+    // Sanitize any dynamic content before inserting
+    aiResults.appendChild(tempDiv);
   }
 });
 </script>