[MEDIUM] Fix XSS and missing noopener in ticket print/export (fixes #2929)

[namann5]

Summary

Fixes #2929 - Two XSS-related issues in ticket print/export.

Changes

• Replaced DOM-based escapeHTML() (div.textContent + div.innerHTML) with a pure string-replace approach that encodes &, <, >, ", and '
• Added noopener,noreferrer to window.open() in printTicket() to prevent the print window from accessing window.opener

[vercel]

@namann5 is attempting to deploy a commit to the ritesh Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 127667d0-9ee0-4532-ad7f-1f14aadf1747

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a7720b4c0c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep a handle for the print window

When printTicket is used from the admin Print button, passing noopener,noreferrer makes window.open sever the opener relationship; MDN documents that noopener causes window.open to return null, and noreferrer implies noopener. That means win is falsy even when the tab opens, so the function returns before document.write(...) and the printable ticket content/print dialog never appears in browsers following this behavior.

Useful? React with 👍 / 👎.