RE: Another successful day for security in the HIVE ecosystem (Only a Dead Bug, is a Good Bug!)

in HiveDevs, last month

Great work hunting down those XSS vectors in the witness URL field and post title sanitization. The 500 error you triggered through the witness description URL shows how even low-risk fields can become attack surfaces when frontends trust backend data too much. Responsible disclosure with same-day fixes is exactly how security work should go. Keep making Hive more secure!

at ur service :)