feat(lesereisen): JourneyItemCard, JourneyInterlude, JourneyReader with XSS + omit-rule specs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/lib/geschichte/JourneyInterlude.svelte.spec.ts

@@ -0,0 +1,44 @@
+import { describe, it, expect, afterEach } from 'vitest';
+import { cleanup, render } from 'vitest-browser-svelte';
+import { page } from 'vitest/browser';
+
+const { default: JourneyInterlude } = await import('./JourneyInterlude.svelte');
+
+afterEach(cleanup);
+
+declare global {
+	interface Window {
+		__xss_interlude?: number;
+	}
+}
+
+describe('JourneyInterlude', () => {
+	it('renders the note text as plaintext', async () => {
+		render(JourneyInterlude, { props: { note: 'Eine kurze Pause auf der Reise.' } });
+
+		await expect.element(page.getByText('Eine kurze Pause auf der Reise.')).toBeVisible();
+	});
+
+	it('has aria-label Kuratorennotiz', async () => {
+		render(JourneyInterlude, { props: { note: 'Notiz' } });
+
+		const el = document.querySelector('[aria-label="Kuratorennotiz"]');
+		expect(el).not.toBeNull();
+	});
+
+	it('renders the section-break glyph ❦', async () => {
+		render(JourneyInterlude, { props: { note: 'Notiz' } });
+
+		expect(document.body.textContent).toContain('❦');
+	});
+
+	it('XSS: note is rendered as plaintext — injected payload does not execute', async () => {
+		// Interlude uses Svelte text interpolation ({note}), NOT {@html}.
+		render(JourneyInterlude, {
+			props: { note: '<img src=x onerror="window.__xss_interlude=1">' }
+		});
+
+		expect(window.__xss_interlude).toBeUndefined();
+		expect(document.body.textContent).toContain('<img src=x onerror=');
+	});
+});