fix: remove XSS via innerHTML and add setTimeout cleanup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/pages/GenerateSynthesis.tsx

@@ -3,6 +3,7 @@ import {
   createSignal,
   createEffect,
   onMount,
+  onCleanup,
   Show,
   For,
 } from 'solid-js';
@@ -184,9 +185,10 @@ const GenerateSynthesis: Component = () => {
     const synthId = conn.completedSynthesisId();
     if (synthId) {
       setSuccess(true);
-      setTimeout(() => {
+      const navTimer = setTimeout(() => {
         navigate(`/synthesis/${synthId}`);
       }, 2000);
+      onCleanup(() => clearTimeout(navTimer));
     }
   });
 
@@ -246,10 +248,9 @@ const GenerateSynthesis: Component = () => {
               {t('generate.title')}
             </h3>
             <div class="mt-2 max-w-xl text-sm text-gray-500">
-              <p innerHTML={t('generate.description', {
+              <p class="text-gray-600">
-                days: String(settings().max_age_days),
+                {t('generate.description', { days: String(settings().max_age_days), theme: settings().theme })}
-                theme: settings().theme,
+              </p>
-              })} />
               <Show when={settings().ai_provider}>
                 <p class="mt-2 text-sm text-gray-500">
                   <span class="font-medium text-gray-600">{t('generate.provider')}</span>{' '}