String sanitized1 = AdminLogAction.sanitizeFilename("../../../var/log/auth.log");
        assertEquals("/var/log/auth.log", sanitized1);
        assertTrue(AdminLogAction.isLogFilename(sanitized1));

        String sanitized2 = AdminLogAction.sanitizeFilename("....//....//var/log/syslog.log");
        assertEquals("/var/log/syslog.log", sanitized2);

                }
                if (sanitized.length() > 0) {
                    sanitized.append('/');
                }
                sanitized.append(component);
            }

            final Path resolved = Paths.get(exportPath, sanitized.toString()).normalize();
            final Path baseDir = Paths.get(exportPath).normalize();

    @Test
    public void test_render_xss_scriptTag() {
        String malicious = "<script>alert('XSS')</script>";
        String result = markdownRenderer.render(malicious);
        // Script tags should be removed by sanitizer
        assertFalse(result.contains("<script>"));
        assertFalse(result.contains("</script>"));
    }

    @Test
    public void test_render_xss_onclickAttribute() {

            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Renders markdown text to sanitized HTML.
     *
     * @param markdown the markdown text
     * @return sanitized HTML
     */
    protected String renderMarkdownToHtml(final String markdown) {
        if (markdownRenderer == null || !markdownRenderer.isInitialized()) {

        assertTrue(result.toString().endsWith(".html"));
    }

    @Test
    public void test_buildFilePath_colonInFilename() {
        // Colon is valid in URI path but should be sanitized in filesystem path
        final Path result =
                indexExportJob.buildFilePath("/export", "https://example.com/path/file%3Aname.html", new HtmlIndexExportFormatter());