Nathan Esquenazi 0126044ecb fix: stray } in message row HTML + JS-escape login locale strings ...

Agent review findings from PR #179:

1. static/ui.js line 542: extra } in ternary produced malformed HTML
   in message bubble div (''}} instead of ''}). Caused a literal }
   character to appear in the DOM.

2. api/routes.py: LOGIN_INVALID_PW and LOGIN_CONN_FAILED were inserted
   into JS string context without JS-string escaping. Added backslash
   escaping for ' and \ characters. Currently safe because locale values
   are hardcoded, but this prevents breakage if custom locale strings
   contain single quotes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-08 19:07:00 -07:00

..

__init__.py

Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish

2026-03-31 07:02:47 +00:00

auth.py

release: v0.39.0 — security hardening, 12 fixes (#171)

2026-04-07 22:26:03 -07:00

config.py

feat: pluggable i18n with English/Chinese language switcher in Settings

2026-04-08 18:57:50 -07:00

helpers.py

release: v0.39.0 — security hardening, 12 fixes (#171)

2026-04-07 22:26:03 -07:00

models.py

release: v0.39.0 — security hardening, 12 fixes (#171)

2026-04-07 22:26:03 -07:00

profiles.py

chore: add missing type hints across 10 files

2026-04-05 13:30:20 +07:00

routes.py

fix: stray } in message row HTML + JS-escape login locale strings

2026-04-08 19:07:00 -07:00

state_sync.py

fix: sync message_count to state.db for /insights (#163) (#164)

2026-04-06 22:56:27 -07:00

streaming.py

fix: resolve _ENV_LOCK deadlock that blocks chat after first message

2026-04-08 14:22:39 +00:00

updates.py

fix: apply_update concurrency lock, boot.js settings-fail guard, dead workspace code, test_updates URL param

2026-04-05 16:20:12 +00:00

upload.py

chore: add missing type hints across 10 files

2026-04-05 13:30:20 +07:00

workspace.py

chore: add missing type hints across 10 files

2026-04-05 13:30:20 +07:00