fix(chatai): 安全修复+代码质量改进

- _force_kill_chrome: 仅kill带--remote-debugging-port的headless chrome
- AI API: 添加60s timeout + run_in_executor避免阻塞事件循环
- AI系统提示抽取为常量
- markdown转图片: 移除错误的html.escape前置
- screenshot: 等待渲染完成替代固定sleep
- 错误信息不再暴露异常详情给用户

danding_bot/plugins/chatai/screenshot.py

@@ -8,9 +8,9 @@ async def markdown_to_image(markdown_text: str, output_path: str, browser=None):
     page = None
     should_close_browser = False
     try:
-        # 转义用户输入中的HTML特殊字符，防止XSS
-        safe_text = html_module.escape(markdown_text)
-        html_content = markdown.markdown(safe_text)
+        # Convert markdown to HTML. The markdown library handles special chars safely.
+        # Note: do NOT html.escape() before markdown.markdown() - it breaks markdown syntax.
+        html_content = markdown.markdown(markdown_text, extensions=["fenced_code", "tables"])
         
         # 使用传入的浏览器实例或创建新的
         if browser is None:
@@ -19,6 +19,7 @@ async def markdown_to_image(markdown_text: str, output_path: str, browser=None):
             should_close_browser = True
             
         page = await browser.newPage()
+        page.setDefaultNavigationTimeout(15000)
         
         # 设置页面样式，使内容更美观
         await page.setContent(f"""
@@ -122,7 +123,10 @@ async def markdown_to_image(markdown_text: str, output_path: str, browser=None):
         """)
         
         # 等待内容渲染完成
-        await asyncio.sleep(0.5)
+        try:
+            await asyncio.wait_for(page.waitForNavigation({'waitUntil': 'networkidle0'}), timeout=10)
+        except Exception:
+            pass  # rendering may already be complete
         
         # 获取内容尺寸并设置视口
         dimensions = await page.evaluate('''() => {