feat: Implement secure static file serving with path traversal protection and XSS prevention for template titles.

src/web/utils/html.ts

@@ -0,0 +1,14 @@
+
+/**
+ * Escapes unsafe characters in a string to prevent XSS.
+ * @param unsafe - The raw string to escape.
+ * @returns The escaped string safe for HTML insertion.
+ */
+export function escapeHtml(unsafe: string): string {
+    return unsafe
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}