## Problem `sidebar.py:280` uses `unsafe_allow_html=True` to render a hardcoded donation link. Sets a bad precedent for future XSS. ## Solution Replace with Streamlit's native `st.markdown("[text](url)")` link syntax. ## Acceptance Criteria - [ ] Donation link renders correctly without `unsafe_allow_html` **Difficulty:** Easy
Problem
sidebar.py:280usesunsafe_allow_html=Trueto render a hardcoded donation link. Sets a bad precedent for future XSS.Solution
Replace with Streamlit's native
st.markdown("[text](url)")link syntax.Acceptance Criteria
unsafe_allow_htmlDifficulty: Easy