f68c892170
Two PR #288 blockers from Felix and Leonie: Felix: verbText.indexOf(docTitle) broke when the title was empty (indexOf returned 0, the before/after slices both emptied) or when the title substring-matched any word in the compiled Paraglide message (e.g. "Brief" appearing inside a translated verb). Swap to a sentinel approach: interpolate {doc} with U+0001, then split the compiled text on that sentinel — robust regardless of title content or translator sentence order. Two new red tests lock the invariant: empty title still renders the row link; short titles that could substring-match render exactly once as a single chronik-doc-title span. Leonie: the comment variant rendered „{documentTitle}" as a placeholder, which made the row show the same title twice — once as the underlined link, once as the italic "preview quote" — implying the comment was quoting itself. Replace with an italic ellipsis „…". A new red test asserts the preview no longer contains the document title text verbatim. While here, add a SECURITY comment next to the TODO so the next person who wires item.commentPreview knows the backend must truncate/strip server-side and the frontend must use {text}, never {@html} (Nora, issue #285 #3552). Part of #285, address PR #288 review. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>