fix: subscription entries not appearing after 3 additions in History tab

[NovakPAai]

Root cause

addSubEntry() and removeSubEntry() called render() → renderAnalytics(), which has an HTML cache (_analyticsHtmlCache). The cache was never invalidated on subscription mutations — it was only cleared by loadSessions() (triggered by auto-refresh while cursor sessions were loading, roughly 2–3 times on startup). New entries were saved to localStorage correctly but the old cached HTML was shown instead. This gave the impression of a hard limit of ~3 entries (however many were added during the initial auto-refresh window).

Changes

Bug fix

• Clear _analyticsHtmlCache / _analyticsCacheUrl in addSubEntry and removeSubEntry before calling render()

UX: any service, any plan

• Replace <select> dropdowns (constrained to 5 predefined services) with <input> + <datalist> — users can type any service name (GitHub Copilot, Windsurf, JetBrains AI, etc.)
• Auto-fill price on known service+plan combo via oninput with case-insensitive match
• Reset price field when service changes (prevents stale price from prior selection)

Security

• Fix stored XSS: e.from was interpolated into innerHTML without escHtml() — all other fields were escaped, this one was missed

UI polish

• Add color-scheme: dark to :root so native datalist popup and date picker match the dark theme
• Widen service input from 140px → 180px to fit longer names ("GitHub Copilot", "Amazon CodeWhisperer")
• Add aria-label to all form inputs
• Include service name in breakdown label (e.g. "Claude Pro $20" instead of just "Pro $20") for clarity with multiple subscriptions

Test plan

• Add 5+ subscription entries — all appear immediately without page refresh
• Remove an entry — list updates immediately
• Type "Claude" in Service, "Pro" in Plan — price auto-fills to 20
• Type "cursor" (lowercase) in Service, "ultra" in Plan — price auto-fills to 200
• Change service after auto-fill — price field resets
• Type a custom service name ("Windsurf") and plan ("Pro") with manual price — entry saves and displays correctly
• Open browser DevTools, manually set localStorage['codedash-subscription'] with a crafted from field containing <img src=x onerror=alert(1)> — verify it renders as escaped text, not executed
• Check datalist popup renders dark (not white) in Chrome/Edge/Firefox

[vakovalskii]

LGTM — clean fix with good explanation of root cause. CI green across Ubuntu/macOS × Node 18/20/22. Includes a nice XSS hardening as a bonus.