fix(Typography): text is rendered as HTML tags when ellipsis is enabled

[RylanBot]

🤔 这个 PR 的性质是？

• 日常 bug 修复
• 新特性提交
• 文档改进
• 演示代码改进
• 组件样式/交互改进
• CI/CD 改进
• 重构
• 代码风格优化
• 测试用例
• 分支合并
• 其他

🔗 相关 Issue

• [Typography] 启用 ellipsis 时，children 不应被渲染为 HTML #4116

💡 需求背景和解决方案

📝 更新日志

• 本条 PR 不需要纳入 Changelog

tdesign-react

• fix(Typography): 修复开启 ellipsis 时，字符串被渲染为 HTML 标签的问题

@tdesign-react/chat

☑️ 请求合并前的自查清单

⚠️ 请自检并全部勾选全部选项。⚠️

• 文档已补充或无须补充
• 代码演示已提供或无须提供
• TypeScript 定义已补充或无须补充
• Changelog 已提供或无须提供

[tdesign-bot]

TDesign Component Site Preview Open

Component	Preview
tdesign-react
@tdesign-react/chat

[pkg-pr-new]

• tdesign-react-demo

  npm i https://pkg.pr.new/Tencent/tdesign-react@4117
  

  npm i https://pkg.pr.new/Tencent/tdesign-react/@tdesign-react/chat@4117
  

commit: b130d8d

[Copilot]

Pull request overview

This PR attempts to fix a security issue where HTML strings passed as children to Typography components with ellipsis enabled were being rendered as actual HTML elements instead of plain text. The fix adds an escapeHtml function that escapes HTML entities before processing the content for truncation.

Changes:

• Added escapeHtml method to sanitize HTML content before truncation processing
• Modified innerText method to escape HTML from node.innerHTML before further processing
• Addresses XSS vulnerability where user-provided HTML strings could be executed

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.