@Test
    public void test_render_xss_scriptTag() {
        String malicious = "<script>alert('XSS')</script>";
        String result = markdownRenderer.render(malicious);
        // Script tags should be removed by sanitizer
        assertFalse(result.contains("<script>"));
        assertFalse(result.contains("</script>"));
    }

    @Test
    public void test_render_xss_onclickAttribute() {

     */
    function scrollToBottom() {
        elements.chatMessages.scrollTop(elements.chatMessages[0].scrollHeight);
    }

    /**
     * Render Markdown text to sanitized HTML.
     * Policy is aligned with server-side MarkdownRenderer (OWASP sanitizer).
     */
    var markdownDomPurifyInitialized = false;
    var markdownSanitizeConfig = {
        ALLOWED_TAGS: ['h1','h2','h3','h4','h5','h6',

        String sanitized1 = AdminLogAction.sanitizeFilename("../../../var/log/auth.log");
        assertEquals("/var/log/auth.log", sanitized1);
        assertTrue(AdminLogAction.isLogFilename(sanitized1));

        String sanitized2 = AdminLogAction.sanitizeFilename("....//....//var/log/syslog.log");
        assertEquals("/var/log/syslog.log", sanitized2);

        // Test that custom sessionId is sanitized
        Crawler.Options options = new Crawler.Options();
        options.sessionId = "test-session-123";

        // Simulate what process() does - sanitize sessionId
        if (options.sessionId != null) {
            options.sessionId = options.sessionId.replaceAll("-", "_");
        }

        // Check that sessionId was sanitized (hyphens replaced with underscores)

                }
                if (sanitized.length() > 0) {
                    sanitized.append('/');
                }
                sanitized.append(component);
            }

            final Path resolved = Paths.get(exportPath, sanitized.toString()).normalize();
            final Path baseDir = Paths.get(exportPath).normalize();

e=e.toString()))throw S("dirty is not a string, aborting")}if(!o.isSupported)return e;if(Fe||Tt(t),o.removed=[],"string"==typeof e&&(qe=!1),qe){if(e.nodeName){const t=ft(e.nodeName);if(!Ne[t]||Oe[t])throw S("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof D)n=bt("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),r.nodeType===J&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!Be&&!Ue&&!Pe&&-1===e.indexOf("<"))return le&&We?le.createHTML(e):e...

er",validatorFunction:function(a,b,c){if(""!==a){var d,e,f=b.valAttr("allowing")||"",g=b.valAttr("decimal-separator")||c.decimalSeparator,h=!1,i=b.valAttr("step")||"",j=!1,k=b.attr("data-sanitize")||"",l=k.match(/(^|[\s])numberFormat([\s]|$)/i);if(l){if(!window.numeral)throw new ReferenceError("The data-sanitize value numberFormat cannot be used without the numeral library. Please see Data Validation in http://www.formvalidator.net for more information.");a.length&&(a=String(numeral().unformat(a...