[SECURITY] Prevent XSS in modal component