rule:javascript.express.security.audit.xss.direct-response-write.direct-response-write: Detected directly writing to a Response object. This bypasses any HTML escaping and may expose your app to a cross-site scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML. Details: https://sg.run/vzGl