Sanitize Cytoscape tooltip labels to prevent XSS

Co-Authored-By: Codex <codex@openai.com>

src/module/tooltipContent.js

@@ -0,0 +1,17 @@
+// The Lucia project.
+// Copyright 2026-2026 DSP, inc.  All rights reserved.
+// Authors:
+//   codex@openai.com (Codex), 2026/03/08
+/** @module tooltipContent Safe tooltip content builder utilities. */
+
+/**
+ * Creates a tooltip content element with untrusted input rendered as text.
+ *
+ * @param {string} label - The tooltip label text from runtime data.
+ * @returns {HTMLDivElement} A div element with text-only content.
+ */
+export function createTooltipContent(label) {
+  const content = document.createElement('div');
+  content.textContent = String(label ?? '');
+  return content;
+}