cra88y/pc
531128e828
- Replace inline script injection with dynamic asset route /gemini.js to satisfy script-src 'self' CSP policies. - Implement server-side parameter injection via URL params ( oken, q) to eliminate XSS vectors from data-* attributes. - Secure JS injection using json.dumps for proper serialization. - Integrate markupsafe.Markup to prevent Jinja2 template auto-escaping of the result injection. - Reduce log verbosity in the streaming loop while maintaining visibility for critical hooks. - Remove external dependencies, relying solely on standard lib and host environment packages.