XSS Vulnerability Identified in Webchat Adapter: Unsanitized HTML Rendering Allows Script Injection
A cross-site scripting vulnerability has been identified in the webchat channel implementation located at `channels/webchat`. The adapter renders agent responses using `innerHTML` or equivalent methods without applying sanitization, creating a direct pathway for malicious script injection when agent responses incorporate tool output containing HTML or JavaScript.
The vulnerability follows a four-stage attack sequence. First, an attacker crafts input designed to trigger a tool to return HTML containing elements such as `<script>` tags. Second, this malicious tool output becomes embedded within an agent response. Third, the webchat interface renders the response without any sanitization checks. Fourth, the injected script executes within the victim's browser session, potentially exposing session data, cookies, or other sensitive client-side information. The issue affects all message rendering paths where tool outputs are displayed to end users.
The reported remediation requirements include implementing DOMPurify for HTML sanitization across all message rendering operations, prioritizing `textContent` for plain text display and a markdown renderer for formatted content, deploying Content Security Policy headers to block inline script execution, and conducting a comprehensive audit of all other rendering pathways including tool call displays and memory entry rendering. The vulnerability has been catalogued as a security issue requiring immediate attention, with specific implementation guidance provided for the engineering team.
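The rendering side of that remediation, as an added example that is not the project's own code: plain text goes through `textContent`, formatted content is written as HTML only after a sanitizer has run on the renderer's output, and a CSP value without `'unsafe-inline'` backs both up. The names `renderAgentMessage`, `message.format`, `renderMarkdown` and `sanitizeHtml` are hypothetical, and the sample message is constructed.

```javascript
// Added example, not the webchat adapter's code. Hypothetical names:
// renderAgentMessage, message.format, opts.renderMarkdown, opts.sanitizeHtml.

// CSP value with no 'unsafe-inline': inline scripts and on* handlers are
// refused by the browser even if one rendering path is missed in the audit.
const CSP_HEADER_VALUE = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'none'",
].join('; ');

// Vulnerable pattern described in the report, kept only as a comment:
//   el.innerHTML = message.text;

function renderAgentMessage(el, message, opts = {}) {
  const text = String(message.text ?? '');
  const { renderMarkdown, sanitizeHtml } = opts;
  const wantsFormatting = message.format === 'markdown';
  const canFormat =
    typeof renderMarkdown === 'function' && typeof sanitizeHtml === 'function';

  // Default and fail-closed path: markup in tool output is shown as inert
  // text. Without BOTH a renderer and a sanitizer, nothing is parsed as HTML.
  if (!wantsFormatting || !canFormat) {
    el.textContent = text;
    return 'text';
  }

  // Sanitize the renderer's OUTPUT, not its input: markdown renderers can
  // pass raw HTML through, so the sanitizer must see the final markup.
  el.innerHTML = sanitizeHtml(renderMarkdown(text));
  return 'sanitized-html';
}

// Constructed sample: tool output carrying markup inside an agent response.
const sampleMessage = {
  format: 'plain',
  text: 'Lookup result: <script>/* constructed */</script>',
};
```

In the browser, pass `sanitizeHtml: (html) => DOMPurify.sanitize(html)` and send `CSP_HEADER_VALUE` as the `Content-Security-Policy` response header.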