fix(tkuser): XSS 미이스케이프 4개소 수정 — escHtml() 누락 보완

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

user-management/web/static/js/tkuser-vacations.js

@@ -65,13 +65,13 @@ function renderVacTypeSidebar() {
         <div class="group flex items-center justify-between p-2 rounded-lg ${vt.is_active ? 'bg-gray-50' : 'bg-gray-50 opacity-50'} hover:bg-blue-50 transition-colors">
             <div class="flex-1 min-w-0">
                 <div class="text-sm font-medium text-gray-800 truncate flex items-center gap-1.5">
-                    ${vt.type_name}
+                    ${escHtml(vt.type_name)}
                     ${vt.is_system ? '<span class="text-[10px] px-1 py-0.5 rounded bg-blue-50 text-blue-500">시스템</span>' : ''}
                     ${vt.is_special ? '<span class="text-[10px] px-1 py-0.5 rounded bg-purple-50 text-purple-500">특별</span>' : ''}
                     ${!vt.is_active ? '<span class="text-[10px] px-1 py-0.5 rounded bg-gray-100 text-gray-400">비활성</span>' : ''}
                 </div>
                 <div class="text-xs text-gray-400 mt-0.5">
-                    ${vt.type_code} | 차감 ${vt.deduct_days}일 | 우선순위 ${vt.priority}
+                    ${escHtml(vt.type_code)} | 차감 ${vt.deduct_days}일 | 우선순위 ${vt.priority}
                 </div>
             </div>
             <div class="flex gap-0.5 ml-1 flex-shrink-0 opacity-0 group-hover:opacity-100 transition-opacity">