diff --git a/typescript/packages/core/src/core/__tests__/transport.streamable.test.ts b/typescript/packages/core/src/core/__tests__/transport.streamable.test.ts
index 842d466..c0a0726 100644
--- a/typescript/packages/core/src/core/__tests__/transport.streamable.test.ts
+++ b/typescript/packages/core/src/core/__tests__/transport.streamable.test.ts
@@ -30,9 +30,9 @@ describe('StreamableHttpTransport', () => {
 st.loadLogo();
 st.setServerConfig({
- name: 'DocTest',
+ name: 'Documentation Test',
 version: '1.0.0',
- description: 'A test server'
+ description: 'This is a test Server'
 });
 st.setToolsCallback(async () => [
@@ -45,7 +45,8 @@ describe('StreamableHttpTransport', () => {
 'http://localhost:3060/mcp'
 );
- expect(html).toContain('DocTest');
+ expect(html).toContain('Documentation<Server> Test');
+ expect(html).toContain('This is a test <b>Server</b>');
 expect(html).toContain('1.0.0');
 expect(html).toContain('tool1');
 expect(html).toContain('Has UI Widget');
diff --git a/typescript/packages/core/src/core/transports/streamable-http.ts b/typescript/packages/core/src/core/transports/streamable-http.ts
index 916a9c2..8412ded 100644
--- a/typescript/packages/core/src/core/transports/streamable-http.ts
+++ b/typescript/packages/core/src/core/transports/streamable-http.ts
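Review bot: The two assertions added at `@@ -45,7 +45,8` only check that an expected string is present, so the test would still pass if the page emitted the raw value alongside the escaped one. As this page displays them, the fixture strings carry no markup while the assertions contain `<Server>` and `<b>`, which suggests tags and entities were lost in rendering; confirm that the fixture passes markup in and that the assertions expect the entity-encoded form. I would add a negative check next to them, `expect(html).not.toContain('<b>Server</b>');`, so that a regression back to raw interpolation fails the test.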
@@ -985,9 +985,19 @@ export class StreamableHttpTransport implements Transport {
 * Generate HTML documentation page
 */
 private generateDocumentationPage(tools: McpTool[], mcpEndpoint: string): string {
- const serverName = this.serverConfig?.name || 'NitroStack MCP Server';
- const serverVersion = this.serverConfig?.version || '1.0.0';
- const serverDescription = this.serverConfig?.description || 'A powerful MCP server built with NitroStack';
+ const serverName = this.escapeHtml(
+ this.serverConfig?.name || 'NitroStack MCP Server'
+ );
+
+ const serverVersion = this.escapeHtml(
+ this.serverConfig?.version || '1.0.0'
+ );
+
+ const serverDescription = this.escapeHtml(
+ this.serverConfig?.description || 'A powerful MCP server built with NitroStack'
+ );
+
+ const safeMcpEndpoint = this.escapeHtml(mcpEndpoint);
 return `
@@ -1394,7 +1404,7 @@ export class StreamableHttpTransport implements Transport {
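Review bot: The escaping in `generateDocumentationPage` covers the three server-config fields and `mcpEndpoint`, but `tools` is rendered into the same template outside this hunk (the test expects `tool1` and `Has UI Widget` in the output), so tool names and descriptions need the same `this.escapeHtml(...)` treatment if they do not already get it. The raw `mcpEndpoint` stays in scope next to `safeMcpEndpoint` and the `@@ -1394,7 +1404,7` hunk swaps a single use; any other `${mcpEndpoint}` in the template would remain unescaped, and entity escaping is only sufficient for element text or quoted attribute values, not for a script block or a URL-bearing attribute. `escapeHtml` is not shown in this diff, so confirm it encodes `&`, `<`, `>`, `"` and `'`. I would add a comment above the declarations, `// Every value interpolated into the template below must go through escapeHtml()`, to make the invariant explicit; the function body continues outside the hunk.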

🔌 Connection Information

MCP Endpoint

- ${mcpEndpoint}
+ ${safeMcpEndpoint}

Connect to this MCP server using the endpoint above. The server supports Server-Sent Events (SSE) for real-time bidirectional communication following the Model Context Protocol specification.