Skip to content

unsafe_allow_html=True with hardcoded HTML in sidebar #16

Description

@AshayK003

Problem

sidebar.py:280 uses unsafe_allow_html=True to render a hardcoded donation link. Sets a bad precedent for future XSS.

Solution

Replace with Streamlit's native st.markdown("[text](url)") link syntax.

Acceptance Criteria

  • Donation link renders correctly without unsafe_allow_html

Difficulty: Easy

Metadata

Metadata

Assignees

No one assigned

    Labels

    cleanupCleanup neededsecuritySecurity concerns

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions