a4ad10a872
Prevents unvalidated user input from reaching DOM sinks (href, template literals). Host is checked against a strict hostname regex; port is parsed as an integer and range-checked to 1-65535. An inline error message is shown on validation failure. Resolves CodeQL js/xss-through-dom alert #7.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
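The validation the commit message describes, sketched as an added example; this is not the commit's own code. The names `HOSTNAME_RE`, `validateEndpoint` and `updateLink`, the `http` scheme and the error strings are assumptions made for illustration.

```javascript
// Added example: hypothetical names, not taken from the project.
// Strict hostname: dot-separated labels of 1-63 letters, digits or hyphens,
// no leading or trailing hyphen in a label, at most 253 characters overall.
const HOSTNAME_RE =
  /^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i;

function validateEndpoint(hostInput, portInput) {
  const host = String(hostInput).trim();
  const portText = String(portInput).trim();
  if (!HOSTNAME_RE.test(host)) {
    return { ok: false, error: "Invalid host name." };
  }
  // Digits only: parseInt alone would accept "80abc" as 80.
  if (!/^\d{1,5}$/.test(portText)) {
    return { ok: false, error: "Port must be a whole number." };
  }
  const port = Number.parseInt(portText, 10);
  if (port < 1 || port > 65535) {
    return { ok: false, error: "Port must be between 1 and 65535." };
  }
  return { ok: true, host: host.toLowerCase(), port };
}

// linkEl and errorEl are DOM elements in a browser. The error text is a
// fixed string assigned through textContent, so user input is never echoed
// into markup; href is only built from values that passed validation.
function updateLink(linkEl, errorEl, hostInput, portInput) {
  const result = validateEndpoint(hostInput, portInput);
  if (!result.ok) {
    linkEl.removeAttribute("href"); // drop any stale link
    errorEl.textContent = result.error;
    return false;
  }
  errorEl.textContent = "";
  linkEl.href = `http://${result.host}:${result.port}/`; // scheme is assumed
  return true;
}
```
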