fix: address coderabbitai review - XSS, null guards, defaults, priority sort

Amp-Thread-ID: https://ampcode.com/threads/T-019bb479-36cd-721b-8415-b0723dfeea83
Co-authored-by: Amp <amp@ampcode.com>

src/extensions/core/nodeTemplates.ts

@@ -222,13 +222,15 @@ class ManageTemplates extends ComfyDialog {
                   if (target === this.draggedEl) return
 
                   const rect = target.getBoundingClientRect()
-                  if (e.clientY > rect.top + rect.height / 2) {
-                    target.parentNode?.insertBefore(
-                      this.draggedEl!,
-                      target.nextSibling
-                    )
-                  } else {
-                    target.parentNode?.insertBefore(this.draggedEl!, target)
+                  if (this.draggedEl) {
+                    if (e.clientY > rect.top + rect.height / 2) {
+                      target.parentNode?.insertBefore(
+                        this.draggedEl,
+                        target.nextSibling
+                      )
+                    } else {
+                      target.parentNode?.insertBefore(this.draggedEl, target)
+                    }
                   }
                 }
               },

src/lib/litegraph/src/LGraph.ts

@@ -707,12 +707,12 @@ export class LGraph
       const priorityA =
         ('priority' in ctorA && typeof ctorA.priority === 'number'
           ? ctorA.priority
-          : 0) ||
+          : 0) ??
         ('priority' in A && typeof A.priority === 'number' ? A.priority : 0)
       const priorityB =
         ('priority' in ctorB && typeof ctorB.priority === 'number'
           ? ctorB.priority
-          : 0) ||
+          : 0) ??
         ('priority' in B && typeof B.priority === 'number' ? B.priority : 0)
       // if same priority, sort by order
       return priorityA == priorityB ? A.order - B.order : priorityA - priorityB

src/lib/litegraph/src/LGraphCanvas.ts

@@ -1,3 +1,4 @@
+import { default as DOMPurify } from 'dompurify'
 import { toString } from 'es-toolkit/compat'
 
 import { PREFIX, SEPARATOR } from '@/constants/groupNodeConstants'
@@ -7877,7 +7878,7 @@ export class LGraphCanvas implements CustomEventDispatcher<LGraphCanvasEventMap>
       const nodeDesc =
         'desc' in ctor && typeof ctor.desc === 'string' ? ctor.desc : ''
       panel.addHTML(
-        `<span class='node_type'>${node.type}</span><span class='node_desc'>${nodeDesc}</span><span class='separator'></span>`
+        `<span class='node_type'>${DOMPurify.sanitize(node.type ?? '')}</span><span class='node_desc'>${DOMPurify.sanitize(nodeDesc)}</span><span class='separator'></span>`
       )
 
       panel.addHTML('<h3>Properties</h3>')

src/scripts/ui.ts

@@ -347,7 +347,7 @@ export class ComfyUI {
   history: ComfyList
   autoQueueMode!: string
   graphHasChanged!: boolean
-  autoQueueEnabled!: boolean
+  autoQueueEnabled: boolean = false
   menuContainer!: HTMLDivElement
   queueSize!: Element
   restoreMenuPosition!: () => void