
daisy-days

by theHamdiz

Overview

Zed extension providing DaisyUI documentation search, design concept references, and HTML layout generation for UI development.

Installation

Run Command
target/release/daisy_days

Security Notes

Several functions within the MCP server embed user-provided string arguments directly into HTML, CSS, or JavaScript contexts without escaping or input validation. A maliciously crafted JSON-RPC request can therefore inject markup or script into the generated output (Cross-Site Scripting if that output is rendered in a browser or web view). Specifically:

- `create_chart`: the `id` parameter is inserted into an HTML attribute and the `chart_type` parameter into JavaScript code, neither of them escaped or validated.
- `create_complex_table`: column names are embedded as-is into `<th>` tags, allowing HTML injection.
- `generate_theme`: theme parameters such as `name`, `primary`, and `base` are formatted into CSS-like strings, allowing CSS injection if the result is interpreted in a style block.
- `scaffold_form`: the form `title` and each field `name` are embedded unescaped, allowing HTML injection.
- `get_script`: the `component` parameter is inserted into a JavaScript string, allowing JS injection.

`LayoutEngine::sanitize_text` is applied to layout titles, but not consistently across the other output-generating tools. Note also that HTML escaping alone does not make a value safe for the JavaScript contexts used by `create_chart` and `get_script`; those values need to be validated against an allowlist (or JSON-encoded) rather than escaped.

The server operates over local standard I/O, which limits the direct network-facing attack surface, but the injection risk remains whenever the client (e.g. the Zed editor, or an LLM issuing tool calls whose arguments may be influenced by prompt injection) passes untrusted input.
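The following is an added example, not code from daisy-days. It reconstructs the vulnerable pattern described above with a hypothetical table-header builder and chart snippet generator (the function names, the `Chart(...)` call, and the allowed chart types are assumptions), and places a hardened version beside it: HTML escaping for values that land in HTML text or attributes, and an identifier allowlist for values that land in JavaScript, where escaping alone is not enough.

```rust
// Added example, not part of the daisy-days project. Function names are
// hypothetical stand-ins for the builders described in the Security Notes.
use std::fmt::Write;

/// Vulnerable pattern: column names are dropped straight into <th> tags.
pub fn table_header_unsafe(columns: &[&str]) -> String {
    let mut out = String::from("<tr>");
    for col in columns {
        write!(out, "<th>{}</th>", col).unwrap();
    }
    out.push_str("</tr>");
    out
}

/// Escape the characters that matter in HTML text and quoted attribute contexts.
pub fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Hardened pattern: every column name is escaped before interpolation.
pub fn table_header_safe(columns: &[&str]) -> String {
    let mut out = String::from("<tr>");
    for col in columns {
        write!(out, "<th>{}</th>", escape_html(col)).unwrap();
    }
    out.push_str("</tr>");
    out
}

/// Values that end up inside JavaScript (an element id handed to
/// getElementById, a chart type used in script) cannot be made safe by HTML
/// escaping; restrict them to an identifier-shaped allowlist instead.
pub fn validate_identifier(value: &str) -> Result<&str, String> {
    let mut chars = value.chars();
    let ok_first = matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_');
    let ok_rest = chars.all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-');
    if ok_first && ok_rest && value.len() <= 64 {
        Ok(value)
    } else {
        Err(format!("rejected identifier: {:?}", value))
    }
}

/// Assumed closed set of chart types the generator knows how to emit; a closed
/// allowlist is stronger than character validation when one is available.
const CHART_TYPES: &[&str] = &["bar", "line", "pie"];

/// Hardened chart builder: id and chart_type are both validated before they
/// reach the HTML attribute and the script block.
pub fn chart_snippet(id: &str, chart_type: &str) -> Result<String, String> {
    let id = validate_identifier(id)?;
    if !CHART_TYPES.contains(&chart_type) {
        return Err(format!("unknown chart type: {:?}", chart_type));
    }
    Ok(format!(
        "<canvas id=\"{id}\"></canvas>\n<script>new Chart(document.getElementById(\"{id}\"), {{ type: \"{chart_type}\" }});</script>"
    ))
}

fn main() {
    // Constructed hostile column name of the kind an LLM-driven client could pass.
    let hostile = "Name</th><script>alert(1)</script><th>";
    println!("unsafe: {}", table_header_unsafe(&[hostile]));
    println!("safe:   {}", table_header_safe(&[hostile]));
    println!("{:?}", chart_snippet("sales\"); alert(1); (\"", "bar"));
    println!("{:?}", chart_snippet("sales_2024", "bar"));
}
```

The unsafe builder emits the `<script>` element verbatim, while the hardened builder emits it as inert text. For the JavaScript-context values, rejecting anything that is not a plain identifier (or not in the known chart-type set) is the check the `create_chart` and `get_script` tools would need in addition to HTML escaping.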

Stats

Interest Score: 14
Security Score: 4
Cost Class: Low
Stars: 1
Forks: 0
Last Update: 2025-12-26

Tags

Zed extension, DaisyUI, UI Generation, Developer Tool, Documentation