
fix(security): patch DOM-based XSS vulnerabilities across UI#947

Merged: steam-bell-92 merged 2 commits into steam-bell-92:main from Shashank-8p:fix/cross-site-scripting on Jun 3, 2026

Conversation

@Shashank-8p (Contributor)

📝 Description

Resolves critical DOM-based Cross-Site Scripting (XSS) vulnerabilities found across the application's calculators and modal architecture.

Architectural Changes Implemented:

  • Native DOM Escaping: Migrated unsafe .innerHTML injections in calculators (Armstrong, FLAMES) to use document.createElement() and .textContent, forcing the browser to treat malicious payloads as harmless strings.
  • Sanitization Integration: Added the DOMPurify library via CDN to strictly sanitize complex HTML payloads before they are injected into the dynamic project modal.
  • UI Hardening: Refactored dynamic list generation in main.js to build DOM nodes in memory rather than concatenating raw HTML strings.

🔗 Linked Issue

Closes #809


📋 Contribution Checklist

  • My code strictly adheres to the project guidelines.
  • I have tested my changes locally using standard XSS payloads (<img src=x onerror=alert(1)>).
  • I have verified that safe HTML rendering (like the modal) still works correctly after sanitization.
  • GSSoC 2026: I have been formally assigned to this issue and noted it above.
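An added example, written for this page and not code from the repository or from the PR author, that puts the two patterns the description contrasts side by side: a list rendered by concatenating untrusted fields into an HTML string for `.innerHTML`, and the same list built with `document.createElement()` and `.textContent`. It assumes project entries have `name` and `url` fields (an assumption; the real data shape is not shown in the PR) and includes a minimal in-memory DOM so it can be checked outside a browser. It also covers the case `.textContent` alone does not: an untrusted value landing in an attribute such as `href`, where a `javascript:` URL needs its own scheme check.

```javascript
// Added example (not the project's code). `createProjectList(doc, projects)` takes the
// document as a parameter so the same function runs in a browser (pass `document`)
// and in Node against the small in-memory DOM defined further down.

// Constructed sample input: the third entry carries the payload from the PR checklist
// plus a javascript: URL in the link field. The `name`/`url` shape is assumed.
const SAMPLE_PROJECTS = [
  { name: "Armstrong", url: "https://example.org/armstrong" },
  { name: "FLAMES", url: "https://example.org/flames" },
  { name: "<img src=x onerror=alert(1)>", url: "javascript:alert(document.domain)" },
];

// BEFORE: raw HTML assembled from untrusted fields, destined for innerHTML.
// Kept only as the vulnerable baseline the safe version is compared against.
function renderListUnsafe(projects) {
  return projects
    .map((p) => `<li><a href="${p.url}">${p.name}</a></li>`)
    .join("");
}

// textContent neutralises markup in text, but an attribute like href is still
// interpreted by the browser, so only http(s) URLs are allowed through; anything
// else (javascript:, data:, vbscript:) becomes a harmless fragment link.
// The placeholder base only matters for relative URLs; in a browser pass location.href.
function safeHref(url, base = "https://example.invalid/") {
  try {
    const u = new URL(String(url), base);
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : "#";
  } catch {
    return "#";
  }
}

// AFTER: nodes built in memory. Untrusted strings only ever reach textContent or a
// validated attribute, so the HTML parser never sees them.
function createProjectList(doc, projects) {
  const ul = doc.createElement("ul");
  for (const p of projects) {
    const li = doc.createElement("li");
    const a = doc.createElement("a");
    a.setAttribute("href", safeHref(p.url));
    a.textContent = String(p.name);
    li.appendChild(a);
    ul.appendChild(li);
  }
  return ul;
}

// Minimal in-memory DOM so this file runs outside a browser (a test shim, not a
// real DOM). Its outerHTML applies the same escaping a browser applies when it
// serialises a Text node, which is what makes the comparison below meaningful.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}
class FakeElement {
  constructor(tag) { this.tagName = tag; this.attrs = {}; this.children = []; this.text = ""; }
  setAttribute(k, v) { this.attrs[k] = String(v); }
  getAttribute(k) { return this.attrs[k]; }
  appendChild(c) { this.children.push(c); return c; }
  set textContent(v) { this.text = String(v); this.children = []; }
  get textContent() { return this.text + this.children.map((c) => c.textContent).join(""); }
  get outerHTML() {
    const attrs = Object.entries(this.attrs).map(([k, v]) => ` ${k}="${escapeHtml(v)}"`).join("");
    const inner = escapeHtml(this.text) + this.children.map((c) => c.outerHTML).join("");
    return `<${this.tagName}${attrs}>${inner}</${this.tagName}>`;
  }
}
const fakeDocument = { createElement: (tag) => new FakeElement(tag) };

// Counts <img ...> start tags in serialised markup: the marker of a successful injection.
function countImgTags(html) {
  return (html.match(/<img\b/gi) || []).length;
}

// In a real browser the list can be attached directly; in Node this branch is skipped.
if (typeof document !== "undefined") {
  document.body.appendChild(createProjectList(document, SAMPLE_PROJECTS));
}
```

Two points worth checking in the repository that the example does not cover. First, the modal path still goes through `innerHTML` by design; with DOMPurify that is `DOMPurify.sanitize(html, { USE_PROFILES: { html: true } })` (or an explicit `ALLOWED_TAGS`/`ALLOWED_ATTR` list), and the sanitizer output, not the raw string, is what gets assigned. Second, loading DOMPurify from a CDN moves trust to that host, so the `<script>` tag should carry an `integrity` hash and `crossorigin="anonymous"` so a tampered or swapped file fails to load instead of running.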


vercel Bot commented Jun 1, 2026

@Shashank-8p is attempting to deploy a commit to the Anuj's projects Team on Vercel.

A member of the Team first needs to authorize it.

steam-bell-92 merged commit 7d3fad5 into steam-bell-92:main on Jun 3, 2026
7 of 8 checks passed

github-actions Bot commented Jun 3, 2026

🎉 Thank you for your contribution!

Your Pull Request has been merged successfully.

We appreciate the time and effort you put into improving this project. Contributions like yours help the repository grow and stay useful for everyone.

If you'd like to contribute again, please check the open issues and make sure you are assigned before opening another Pull Request.

Thanks again for your support! 🙌

Shashank-8p deleted the fix/cross-site-scripting branch on June 3, 2026 at 18:14


Development

Successfully merging this pull request may close these issues.

🐛 [Bug]: DOM-Based Cross-Site Scripting (XSS) vulnerability via innerHTML

2 participants