diff --git a/semantic-ai-validator-demo/src/main/resources/templates/invoice-validation.html b/semantic-ai-validator-demo/src/main/resources/templates/invoice-validation.html
index 58f71dc..5f3ea20 100644
--- a/semantic-ai-validator-demo/src/main/resources/templates/invoice-validation.html
+++ b/semantic-ai-validator-demo/src/main/resources/templates/invoice-validation.html
@@ -85,11 +85,24 @@ Testing Without Real Invoices
if (file) {
const sizeMB = (file.size / 1024 / 1024).toFixed(2);
- fileInfo.innerHTML = `📄 ${file.name} (${sizeMB} MB)`;
+ // Safely update fileInfo with separate text nodes to prevent HTML injection
+ fileInfo.textContent = ""; // Clear previous content
+ // Create emoji node
+ const emojiNode = document.createTextNode("📄 ");
+ // Create file name node
+ const fileNameNode = document.createTextNode(file.name);
+ // Create file size node
+ const fileSizeNode = document.createTextNode(` (${sizeMB} MB)`);
+ fileInfo.appendChild(emojiNode);
+ fileInfo.appendChild(fileNameNode);
+ fileInfo.appendChild(fileSizeNode);
fileInfo.style.display = 'block';
if (file.size > 10 * 1024 * 1024) {
- fileInfo.innerHTML += ' ⚠️ File too large (max 10MB)';
+ const warningSpan = document.createElement('span');
+ warningSpan.style.color = 'red';
+ warningSpan.textContent = ' ⚠️ File too large (max 10MB)';
+ fileInfo.appendChild(warningSpan);
}
} else {
fileInfo.style.display = 'none';