Fix XSS via unsanitized user input in Absolute Time Range validation tooltips

[Copilot]

ExtJS renders form field validation errors as HTML in QuickTip tooltips. The DateField and TimeField defaults embed the raw user value via {0} in invalidText (e.g. "{0} is not a valid date"), which flows directly into innerHTML on hover — allowing arbitrary script execution via inputs like <img src=1 onerror=alert()>.

Change

Override invalidText on all four fields in selectAbsoluteTime() with static strings containing no user-input placeholder:

var startDateField = new Ext.form.DateField({
  fieldLabel: 'Start Date',
  width: 125,
  value: TimeRange.startDate || '',
  invalidText: 'Not a valid date'   // was: "{0} is not a valid date - it must be in the format {1}"
});

Same applied to startTimeField, endDateField, and endTimeField.

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.