Potential fix for code scanning alert no. 1: DOM text reinterpreted as HTML

semantic-ai-validator-demo/src/main/resources/templates/invoice-validation.html

@@ -85,11 +85,24 @@ <h3>Testing Without Real Invoices</h3>
 
             if (file) {
                 const sizeMB = (file.size / 1024 / 1024).toFixed(2);
-                fileInfo.innerHTML = `📄 ${file.name} (${sizeMB} MB)`;
+                // Safely update fileInfo with separate text nodes to prevent HTML injection
+                fileInfo.textContent = ""; // Clear previous content
+                // Create emoji node
+                const emojiNode = document.createTextNode("📄 ");
+                // Create file name node
+                const fileNameNode = document.createTextNode(file.name);
+                // Create file size node
+                const fileSizeNode = document.createTextNode(` (${sizeMB} MB)`);
+                fileInfo.appendChild(emojiNode);
+                fileInfo.appendChild(fileNameNode);
+                fileInfo.appendChild(fileSizeNode);
                 fileInfo.style.display = 'block';
 
                 if (file.size > 10 * 1024 * 1024) {
-                    fileInfo.innerHTML += ' <span style="color: red;">⚠️ File too large (max 10MB)</span>';
+                    const warningSpan = document.createElement('span');
+                    warningSpan.style.color = 'red';
+                    warningSpan.textContent = ' ⚠️ File too large (max 10MB)';
+                    fileInfo.appendChild(warningSpan);
                 }
             } else {
                 fileInfo.style.display = 'none';