Critical XSS Vulnerability in Assistant Chat: Unescaped HTML Enables Session Hijack, Token Theft
A high-severity cross-site scripting (XSS) vulnerability has been identified in the chat message rendering of an AI assistant interface. The flaw allows a malicious payload embedded within model or user text to inject and execute arbitrary HTML and JavaScript directly in a user's browser session. The cause is that the component applies only regex-based formatting to the message text, with no proper HTML escaping, and then passes the result to React's `dangerouslySetInnerHTML`, which creates a direct injection point for attackers.
The vulnerability is located in the core chat component files, specifically within `packages/web/src/components/Chat/ChatMessage.tsx` at lines 38 and 61-70. The impact is severe: successful exploitation could lead to the theft of user authentication tokens, complete session hijacking, UI redressing attacks, and malicious API calls being made on behalf of the compromised user. This falls squarely under the OWASP Top 10 category for Injection (A03:2021).
The immediate recommendation is to eliminate the use of `dangerouslySetInnerHTML` for rendering chat text. The code must be refactored to render markdown via a secure, dedicated renderer that properly escapes HTML, or to enforce strict allowlisting for any supported HTML tags. Failure to patch this exposes all users of the chat interface to significant client-side security risks, where an attacker could leverage the assistant's output as a vector for persistent attacks.
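The difference between the vulnerable pattern and an escaped one, as an added example that is not the project's code: the `**bold**` and inline-code rules, the function names and the sample message are assumptions, since the page does not show the contents of `ChatMessage.tsx`. It shows the smallest form of the fix, escaping the text before any formatting rule runs, so that the only markup in the output is what the formatter itself emits.

```typescript
// Added example: the formatting rules are assumed, not taken from ChatMessage.tsx.

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every character that can open a tag, an attribute value or an entity.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

// Hypothetical regex formatter: **bold** and `code` only, fixed tags, no attributes.
function applyFormatting(text: string): string {
  return text
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/`([^`]+)`/g, "<code>$1</code>");
}

// Vulnerable pattern: message text reaches the HTML string unescaped,
// so any tag in the message survives into dangerouslySetInnerHTML.
function formatUnsafe(text: string): string {
  return applyFormatting(text);
}

// Hardened pattern: escape first, then format. Tags typed in the message
// become inert text; only <strong> and <code> from the formatter remain.
function formatSafe(text: string): string {
  return applyFormatting(escapeHtml(text));
}

// Constructed sample message mixing markdown with an HTML element.
const SAMPLE = '**Note** <img src=x onerror="alert(1)"> and `a < b`';

console.log("unsafe:", formatUnsafe(SAMPLE));
console.log("safe:  ", formatSafe(SAMPLE));
```

Escaping before formatting is sufficient only while the formatter emits fixed tags with no attributes; a rule that builds links or other attribute values from message text also needs those values validated against an allowlist.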