fix(tkuser): XSS 미이스케이프 4개소 수정 — escHtml() 누락 보완

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

user-management/web/static/js/tkuser-departments.js

@@ -21,7 +21,7 @@ function displayDepartments() {
     c.innerHTML = departments.map(d => `
         <div class="flex items-center justify-between p-2.5 rounded-lg hover:bg-gray-100 transition-colors cursor-pointer ${selectedDeptForMembers === d.department_id ? 'bg-blue-50 ring-1 ring-blue-200' : 'bg-gray-50'}" onclick="showDeptMembers(${d.department_id})">
             <div class="flex-1 min-w-0">
-                <div class="text-sm font-medium text-gray-800 truncate"><i class="fas fa-sitemap mr-1.5 text-gray-400 text-xs"></i>${d.department_name}</div>
+                <div class="text-sm font-medium text-gray-800 truncate"><i class="fas fa-sitemap mr-1.5 text-gray-400 text-xs"></i>${escHtml(d.department_name)}</div>
                 <div class="text-xs text-gray-500 flex items-center gap-1.5 mt-0.5 flex-wrap">
                     <span class="text-gray-400">순서: ${d.display_order || 0}</span>
                     <span class="text-gray-400">| 팀장: ${d.leader_name ? escHtml(d.leader_name) : '<span class="text-gray-300">미지정</span>'}</span>
@@ -56,7 +56,7 @@ async function showDeptMembers(deptId) {
     const members = deptUsers.filter(u => u.department_id === deptId);
     const dept = departments.find(d => d.department_id === deptId);
     const title = panel.querySelector('h3');
-    if (title) title.innerHTML = `<i class="fas fa-users text-slate-400 mr-1.5"></i>소속 인원 — ${dept ? dept.department_name : ''}`;
+    if (title) title.innerHTML = `<i class="fas fa-users text-slate-400 mr-1.5"></i>소속 인원 — ${dept ? escHtml(dept.department_name) : ''}`;
 
     if (!members.length) {
         list.innerHTML = '<p class="text-gray-400 text-center py-4 text-sm">소속 인원이 없습니다</p>';