er",validatorFunction:function(a,b,c){if(""!==a){var d,e,f=b.valAttr("allowing")||"",g=b.valAttr("decimal-separator")||c.decimalSeparator,h=!1,i=b.valAttr("step")||"",j=!1,k=b.attr("data-sanitize")||"",l=k.match(/(^|[\s])numberFormat([\s]|$)/i);if(l){if(!window.numeral)throw new ReferenceError("The data-sanitize value numberFormat cannot be used without the numeral library. Please see Data Validation in http://www.formvalidator.net for more information.");a.length&&(a=String(numeral().unformat(a...

        // Test that custom sessionId is sanitized
        Crawler.Options options = new Crawler.Options();
        options.sessionId = "test-session-123";

        // Simulate what process() does - sanitize sessionId
        if (options.sessionId != null) {
            options.sessionId = options.sessionId.replaceAll("-", "_");
        }

        // Check that sessionId was sanitized (hyphens replaced with underscores)

tes,e,null)},kt=function e(t){let n=null;const o=St(t);for(Rt(de.beforeSanitizeShadowDOM,t,null);n=o.nextNode();)Rt(de.uponSanitizeShadowNode,n,null),wt(n),vt(n),n.content instanceof s&&e(n.content);Rt(de.afterSanitizeShadowDOM,t,null)};return o.sanitize=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=null,r=null,i=null,l=null;if(it=!e,it&&(e="\x3c!--\x3e"),"string"!=typeof e&&!Dt(e)){if("function"!=typeof e.toString)throw S("toString is not a function");if("string"...

     */
    function scrollToBottom() {
        elements.chatMessages.scrollTop(elements.chatMessages[0].scrollHeight);
    }

    /**
     * Render Markdown text to sanitized HTML.
     * Policy is aligned with server-side MarkdownRenderer (OWASP sanitizer).
     */
    var markdownDomPurifyInitialized = false;
    var markdownSanitizeConfig = {
        ALLOWED_TAGS: ['h1','h2','h3','h4','h5','h6',

        String sanitized1 = AdminLogAction.sanitizeFilename("../../../var/log/auth.log");
        assertEquals("/var/log/auth.log", sanitized1);
        assertTrue(AdminLogAction.isLogFilename(sanitized1));

        String sanitized2 = AdminLogAction.sanitizeFilename("....//....//var/log/syslog.log");
        assertEquals("/var/log/syslog.log", sanitized2);

                }
                if (sanitized.length() > 0) {
                    sanitized.append('/');
                }
                sanitized.append(component);
            }

            final Path resolved = Paths.get(exportPath, sanitized.toString()).normalize();
            final Path baseDir = Paths.get(exportPath).normalize();

    @Test
    public void test_render_xss_scriptTag() {
        String malicious = "<script>alert('XSS')</script>";
        String result = markdownRenderer.render(malicious);
        // Script tags should be removed by sanitizer
        assertFalse(result.contains("<script>"));
        assertFalse(result.contains("</script>"));
    }

    @Test
    public void test_render_xss_onclickAttribute() {