diff --git a/static/ui.js b/static/ui.js
index 9c90e526..888a6971 100644
--- a/static/ui.js
+++ b/static/ui.js
@@ -664,7 +664,7 @@ function _sanitizeThinkingDisplayText(text){
 }
 
 function renderMd(raw){
-  let s=raw||'';
+  let s=(raw||'').replace(/\r\n/g,'\n').replace(/\r/g,'\n');
   // ── MEDIA: token stash (must run first, before any other processing) ───────
   // Detect MEDIA:<path-or-url> tokens emitted by the agent (e.g. screenshots,
   // generated images) and replace them with inline <img> or download links.
@@ -731,6 +731,8 @@ function renderMd(raw){
     t=t.replace(/\*\*\*(.+?)\*\*\*/g,(_,x)=>`<strong><em>${esc(x)}</em></strong>`);
     t=t.replace(/\*\*(.+?)\*\*/g,(_,x)=>`<strong>${esc(x)}</strong>`);
     t=t.replace(/\*([^*\n]+)\*/g,(_,x)=>`<em>${esc(x)}</em>`);
+    // Strikethrough: ~~text~~ → <del>text</del>
+    t=t.replace(/~~(.+?)~~/g,(_,x)=>`<del>${esc(x)}</del>`);
     // #487: Image pass — runs while code stash is active so ![x](url) inside
     // backticks stays protected as a \x00C token and is never rendered as <img>.
     // Must run before _code_stash restore and before _link_stash so the image
@@ -748,7 +750,7 @@ function renderMd(raw){
     t=t.replace(/\x00G(\d+)\x00/g,(_,i)=>_img_stash[+i]);
     // Escape any plain text that isn't already wrapped in a tag we produced
     // by escaping bare < > that are not part of our own tags
-    const SAFE_INLINE=/^<\/?(strong|em|code|a|img)([\s>]|$)/i;
+    const SAFE_INLINE=/^<\/?(strong|em|del|code|a|img)([\s>]|$)/i;
     t=t.replace(/<\/?[a-z][^>]*>/gi,tag=>SAFE_INLINE.test(tag)?tag:esc(tag));
     return t;
   }
@@ -759,31 +761,47 @@ function renderMd(raw){
   s=s.replace(/\*\*\*(.+?)\*\*\*/g,(_,t)=>`<strong><em>${esc(t)}</em></strong>`);
   s=s.replace(/\*\*(.+?)\*\*/g,(_,t)=>`<strong>${esc(t)}</strong>`);
   s=s.replace(/\*([^*\n]+)\*/g,(_,t)=>`<em>${esc(t)}</em>`);
+  s=s.replace(/~~(.+?)~~/g,(_,t)=>`<del>${esc(t)}</del>`);
   s=s.replace(/\x00O(\d+)\x00/g,(_,i)=>_ob_stash[+i]);
   s=s.replace(/^### (.+)$/gm,(_,t)=>`<h3>${inlineMd(t)}</h3>`).replace(/^## (.+)$/gm,(_,t)=>`<h2>${inlineMd(t)}</h2>`).replace(/^# (.+)$/gm,(_,t)=>`<h1>${inlineMd(t)}</h1>`);
   s=s.replace(/^---+$/gm,'<hr>');
-  // Group consecutive > lines (including bare >) into one <blockquote>.
-  // The old single-line rule (^> (.+)$) had three bugs:
-  //   1. .+ skipped bare "> " lines — they passed through as literal >
-  //   2. Each line became its own <blockquote> — no visual grouping
-  //   3. After the fenced-code pass, lines of > preceding/following code
-  //      blocks were left as literals because .+ didn't match empty lines
-  s=s.replace(/((?:^>[^\n]*(?:\n|$))+)/gm,block=>{
-    const lines=block.split('\n');
-    // Drop trailing artifacts: empty string from a trailing \n in the match
-    // (split adds '' after the final \n) and lone bare '>' lines that
-    // weren't intended as content. Without this, a blockquote whose source
-    // ends with \n (the common case — anything followed by another block)
-    // renders with a phantom <br> before </blockquote>.
-    while(lines.length&&(lines[lines.length-1].trim()===''||lines[lines.length-1].trim()==='>')){
-      lines.pop();
-    }
-    const inner=lines
-      .map(l=>l.replace(/^>[ \t]?/,''))               // strip "> " or ">"
-      .map(l=>l.trim()===''?'<br>':inlineMd(l))        // blank lines → <br>, text → inlineMd
-      .join('\n');
-    return `<blockquote>${inner}</blockquote>`;
-  });
+  // Group consecutive > lines into one <blockquote>.
+  // Handles: blank continuation lines (> alone), nested blockquotes (>>),
+  // lists inside blockquotes (> - item), and inline markdown in quoted text.
+  function _applyBlockquotes(src){
+    return src.replace(/((?:^>[^\n]*(?:\n|$))+)/gm,block=>{
+      const lines=block.split('\n');
+      // Drop trailing bare '>' artifact
+      while(lines.length&&(lines[lines.length-1].trim()==='>'||lines[lines.length-1]===''))
+        {if(lines[lines.length-1].trim()==='>'){lines.pop();break;}lines.pop();}
+      const stripped=lines.map(l=>l.replace(/^>[\t]?/,''));
+      const innerRaw=stripped.join('\n');
+      let inner;
+      if(/^>/m.test(innerRaw)){
+        // Nested blockquote: recurse so >> → <blockquote><blockquote>
+        inner=_applyBlockquotes(innerRaw);
+      } else if(/(^(?:  )?[-*+] .+)/m.test(innerRaw)){
+        // List inside blockquote: run list pass on stripped inner content
+        inner=innerRaw.replace(/((?:^(?:  )?[-*+] .+\n?)+)/gm,lb=>{
+          const ll=lb.trimEnd().split('\n');let h='<ul>';
+          for(const li of ll){
+            const txt=li.replace(/^ {0,4}[-*+] /,'');
+            let ih;
+            if(/^\[x\] /i.test(txt)) ih='<span class="task-done">✅</span> '+inlineMd(txt.slice(4));
+            else if(/^\[ \] /.test(txt)) ih='<span class="task-todo">☐</span> '+inlineMd(txt.slice(4));
+            else ih=inlineMd(txt);
+            h+=`<li>${ih}</li>`;
+          }
+          return h+'</ul>';
+        });
+      } else {
+        // Plain lines: blank line → <br>, text → inlineMd
+        inner=stripped.map(l=>l.trim()===''?'<br>':inlineMd(l)).join('\n');
+      }
+      return `<blockquote>${inner}</blockquote>`;
+    });
+  }
+  s=_applyBlockquotes(s);
   // B8: improved list handling supporting up to 2 levels of indentation
   s=s.replace(/((?:^(?:  )?[-*+] .+\n?)+)/gm,block=>{
     const lines=block.trimEnd().split('\n');
@@ -791,8 +809,12 @@ function renderMd(raw){
     for(const l of lines){
       const indent=/^ {2,}/.test(l);
       const text=l.replace(/^ {0,4}[-*+] /,'');
-      if(indent) html+=`<li style="margin-left:16px">${inlineMd(text)}</li>`;
-      else html+=`<li>${inlineMd(text)}</li>`;
+      let _ih;
+      if(/^\[x\] /i.test(text)) _ih='<span class="task-done">✅</span> '+inlineMd(text.slice(4));
+      else if(/^\[ \] /.test(text)) _ih='<span class="task-todo">☐</span> '+inlineMd(text.slice(4));
+      else _ih=inlineMd(text);
+      if(indent) html+=`<li style="margin-left:16px">${_ih}</li>`;
+      else html+=`<li>${_ih}</li>`;
     }
     return html+'</ul>';
   });
@@ -841,7 +863,7 @@ function renderMd(raw){
   // Our pipeline only emits: <strong>,<em>,<code>,<pre>,<h1-6>,<ul>,<ol>,<li>,
   // <table>,<thead>,<tbody>,<tr>,<th>,<td>,<hr>,<blockquote>,<p>,<br>,<a>,
   // <div class="..."> (mermaid/pre-header). Everything else is untrusted input.
-  const SAFE_TAGS=/^<\/?(strong|em|code|pre|h[1-6]|ul|ol|li|table|thead|tbody|tr|th|td|hr|blockquote|p|br|a|img|div|span)([\s>]|$)/i;
+  const SAFE_TAGS=/^<\/?(strong|em|del|code|pre|h[1-6]|ul|ol|li|table|thead|tbody|tr|th|td|hr|blockquote|p|br|a|img|div|span)([\s>]|$)/i;
   s=s.replace(/<\/?[a-z][^>]*>/gi,tag=>SAFE_TAGS.test(tag)?tag:esc(tag));
   // Autolink: convert plain URLs to clickable links.
   // Stash <a>, <img> and <pre> blocks so autolink never runs inside them.
diff --git a/tests/test_issue342.py b/tests/test_issue342.py
index be3b165d..e733d056 100644
--- a/tests/test_issue342.py
+++ b/tests/test_issue342.py
@@ -31,7 +31,7 @@ def test_autolink_regex_in_rendermd():
     rendermd_start = content.find('function renderMd(raw){')
     assert rendermd_start != -1, "renderMd function not found in ui.js"
     # Find the closing brace after renderMd (look for the autolink pattern within it)
-    rendermd_body = content[rendermd_start:rendermd_start + 5000]
+    rendermd_body = content[rendermd_start:rendermd_start + 10000]
     assert 'https?:\\/\\/' in rendermd_body, (
         "Autolink regex (https?:\\/\\/) not found inside renderMd() body."
     )
diff --git a/tests/test_renderer_comprehensive.py b/tests/test_renderer_comprehensive.py
new file mode 100644
index 00000000..74034051
--- /dev/null
+++ b/tests/test_renderer_comprehensive.py
@@ -0,0 +1,366 @@
+"""Comprehensive renderer audit tests for static/ui.js renderMd().
+
+This file covers the full suite of markdown constructs an LLM might produce,
+with a focus on edge cases and combinations. Tests are grouped by construct.
+
+Python mirrors the renderMd/inlineMd pipeline at the level needed for each
+test — either source-level assertions (checking the JS source directly) or
+behavioural assertions (checking rendered HTML via a Python mirror).
+"""
+import re
+import pathlib
+
+UI_JS = (pathlib.Path(__file__).parent.parent / "static" / "ui.js").read_text(encoding="utf-8")
+
+import html as _html
+
+
+def _esc(s):
+    return _html.escape(str(s), quote=True)
+
+
+def _inline_md(t):
+    """Mirror of inlineMd() in ui.js — processes one line of text."""
+    _code_stash = []
+    t = re.sub(r"`([^`\n]+)`",
+               lambda m: (_code_stash.append(f"<code>{_esc(m.group(1))}</code>")
+                          or f"\x00C{len(_code_stash)-1}\x00"), t)
+    t = re.sub(r"\*\*\*(.+?)\*\*\*", lambda m: f"<strong><em>{_esc(m.group(1))}</em></strong>", t)
+    t = re.sub(r"\*\*(.+?)\*\*",     lambda m: f"<strong>{_esc(m.group(1))}</strong>", t)
+    t = re.sub(r"\*([^*\n]+)\*",     lambda m: f"<em>{_esc(m.group(1))}</em>", t)
+    t = re.sub(r"~~(.+?)~~",         lambda m: f"<del>{_esc(m.group(1))}</del>", t)
+    t = re.sub(r"\x00C(\d+)\x00", lambda m: _code_stash[int(m.group(1))], t)
+    return t
+
+
+def _apply_blockquotes(src):
+    """Mirror of _applyBlockquotes() — handles nested + lists + blank lines."""
+    def replacer(m):
+        block = m.group(0)
+        lines = block.split("\n")
+        while lines and (lines[-1].strip() in (">", "")):
+            if lines[-1].strip() == ">":
+                lines.pop(); break
+            lines.pop()
+        stripped = [re.sub(r"^>[ \t]?", "", l) for l in lines]
+        inner_raw = "\n".join(stripped)
+        if re.search(r"^>", inner_raw, re.MULTILINE):
+            inner = _apply_blockquotes(inner_raw)
+        elif re.search(r"^(  )?[-*+] .+", inner_raw, re.MULTILINE):
+            def inner_list(lb):
+                ll = lb.strip().split("\n"); h = "<ul>"
+                for li in ll:
+                    txt = re.sub(r"^ {0,4}[-*+] ", "", li)
+                    if re.match(r"\[x\] ", txt, re.I): ih = f"✅ {_inline_md(txt[4:])}"
+                    elif txt.startswith("[ ] "): ih = f"☐ {_inline_md(txt[4:])}"
+                    else: ih = _inline_md(txt)
+                    h += f"<li>{ih}</li>"
+                return h + "</ul>"
+            inner = re.sub(r"((?:^(?:  )?[-*+] .+\n?)+)", lambda m2: inner_list(m2.group(0)),
+                           inner_raw, flags=re.MULTILINE)
+        else:
+            inner = "\n".join("<br>" if l.strip() == "" else _inline_md(l) for l in stripped)
+        return f"<blockquote>{inner}</blockquote>"
+    return re.sub(r"((?:^>[^\n]*(?:\n|$))+)", replacer, src, flags=re.MULTILINE)
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Source-level structural checks (JS must contain these patterns)
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestSourceStructure:
+    """Verify key patterns are present in ui.js."""
+
+    def test_crlf_normalisation_present(self):
+        assert ".replace(/\\r\\n/g,'\\n').replace(/\\r/g,'\\n')" in UI_JS, (
+            "renderMd must normalise \\r\\n and bare \\r to \\n at the start"
+        )
+
+    def test_strikethrough_in_inline_md(self):
+        assert "~~(.+?)~~" in UI_JS and "<del>" in UI_JS, (
+            "inlineMd must handle ~~strikethrough~~ → <del>"
+        )
+
+    def test_del_in_safe_tags(self):
+        assert "del" in UI_JS and "SAFE_TAGS" in UI_JS, (
+            "<del> must be in SAFE_TAGS so it is not HTML-escaped"
+        )
+
+    def test_del_in_safe_inline(self):
+        # SAFE_INLINE is used inside inlineMd
+        safe_inline_idx = UI_JS.find("SAFE_INLINE")
+        assert safe_inline_idx >= 0
+        window = UI_JS[safe_inline_idx: safe_inline_idx + 100]
+        assert "del" in window, "<del> must be in SAFE_INLINE"
+
+    def test_task_list_checked_handled(self):
+        assert "task-done" in UI_JS or "\\u2705" in UI_JS or "✅" in UI_JS, (
+            "Checked task list items [x] must produce a ✅ or task-done class"
+        )
+
+    def test_task_list_unchecked_handled(self):
+        assert "task-todo" in UI_JS or "\\u2610" in UI_JS or "☐" in UI_JS, (
+            "Unchecked task list items [ ] must produce ☐ or task-todo class"
+        )
+
+    def test_nested_blockquote_recurse(self):
+        assert "_applyBlockquotes" in UI_JS, (
+            "Blockquote handler must use a named function for recursive nesting"
+        )
+
+    def test_blockquote_handler_is_function(self):
+        assert "function _applyBlockquotes" in UI_JS, (
+            "Must define _applyBlockquotes as a named inner function for recursion"
+        )
+
+    def test_old_single_line_blockquote_removed(self):
+        assert "replace(/^> (.+)$/gm" not in UI_JS, (
+            "Old single-line blockquote rule must be removed"
+        )
+
+    def test_h1_h2_h3_handled(self):
+        for h in ("h1", "h2", "h3"):
+            assert f"<{h}>" in UI_JS or f"`<{h}>" in UI_JS
+
+    def test_ordered_list_value_attr(self):
+        assert 'value=' in UI_JS, "Ordered list items must use value= to preserve numbering"
+
+    def test_table_handler_present(self):
+        assert "<table>" in UI_JS and "<thead>" in UI_JS
+
+    def test_fenced_code_lang_header(self):
+        assert "pre-header" in UI_JS
+
+    def test_autolink_present(self):
+        # JS stores regex slashes as \/ — search for both forms
+        assert ("https?:\\/\\/" in UI_JS or "https?://" in UI_JS) and "target=\"_blank\"" in UI_JS
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Behavioural: inline formatting
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestInlineFormatting:
+
+    def test_bold(self):
+        assert _inline_md("**bold**") == "<strong>bold</strong>"
+
+    def test_italic(self):
+        assert _inline_md("*italic*") == "<em>italic</em>"
+
+    def test_bold_italic(self):
+        out = _inline_md("***bi***")
+        assert "<strong><em>" in out
+
+    def test_strikethrough(self):
+        out = _inline_md("~~deleted~~")
+        assert "<del>deleted</del>" == out
+
+    def test_strikethrough_inline(self):
+        out = _inline_md("keep ~~remove~~ keep")
+        assert "<del>remove</del>" in out
+        assert "keep" in out
+
+    def test_inline_code(self):
+        out = _inline_md("`git status`")
+        assert "<code>git status</code>" in out
+
+    def test_strikethrough_inside_code_not_processed(self):
+        out = _inline_md("`~~not deleted~~`")
+        assert "<del>" not in out
+        assert "~~not deleted~~" in out
+
+    def test_bold_with_inline_code(self):
+        # **`code`** → <strong><code>code</code></strong>
+        out = _inline_md("**`code`**")
+        # The code stash protects the backtick span from bold regex
+        assert "<code>" in out
+
+    def test_xss_in_bold(self):
+        out = _inline_md("**<script>alert(1)</script>**")
+        assert "<script>" not in out
+
+    def test_xss_in_strikethrough(self):
+        out = _inline_md("~~<img onerror=alert(1)>~~")
+        assert "onerror" not in out.lower() or "&lt;" in out
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Behavioural: blockquotes
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestBlockquotes:
+
+    def test_single_line(self):
+        out = _apply_blockquotes("> Hello")
+        assert out.count("<blockquote>") == 1
+        assert "Hello" in out
+
+    def test_multi_line_grouped(self):
+        out = _apply_blockquotes("> Line one\n> Line two\n> Line three")
+        assert out.count("<blockquote>") == 1
+
+    def test_blank_continuation_no_literal_gt(self):
+        out = _apply_blockquotes("> Para one\n>\n> Para two")
+        assert out.count("<blockquote>") == 1
+        text = re.sub(r"<[^>]+>", "", out)
+        assert ">" not in text, f"Literal > in output: {text!r}"
+
+    def test_blank_continuation_becomes_br(self):
+        out = _apply_blockquotes("> Para one\n>\n> Para two")
+        assert "<br>" in out
+
+    def test_bare_gt_no_space(self):
+        out = _apply_blockquotes(">no space after")
+        assert out.count("<blockquote>") == 1
+        assert "no space after" in out
+
+    def test_two_separate_blockquotes(self):
+        out = _apply_blockquotes("> First\n\n> Second")
+        assert out.count("<blockquote>") == 2
+
+    def test_inline_markdown_in_blockquote(self):
+        out = _apply_blockquotes("> **bold** and *italic*")
+        assert "<strong>" in out and "<em>" in out and "<blockquote>" in out
+
+    def test_inline_code_in_blockquote(self):
+        out = _apply_blockquotes("> run `git status` first")
+        assert "<code>" in out and "<blockquote>" in out
+
+    def test_strikethrough_in_blockquote(self):
+        out = _apply_blockquotes("> ~~old~~ new")
+        assert "<del>" in out and "<blockquote>" in out
+
+    def test_nested_blockquote_double(self):
+        out = _apply_blockquotes(">> deeply nested")
+        assert out.count("<blockquote>") == 2
+
+    def test_nested_blockquote_outer_and_inner(self):
+        out = _apply_blockquotes("> outer\n>> inner line")
+        assert out.count("<blockquote>") == 2
+
+    def test_list_inside_blockquote(self):
+        out = _apply_blockquotes("> - item one\n> - item two")
+        assert "<ul>" in out and "<li>" in out and "<blockquote>" in out
+
+    def test_task_list_inside_blockquote(self):
+        out = _apply_blockquotes("> - [x] done\n> - [ ] todo")
+        assert "✅" in out or "task-done" in out
+        assert "☐" in out or "task-todo" in out
+        assert "<blockquote>" in out
+
+    def test_blockquote_followed_by_paragraph(self):
+        out = _apply_blockquotes("> Quoted\n\nNormal text")
+        assert out.count("<blockquote>") == 1
+        after = out[out.index("</blockquote>"):]
+        assert "Normal text" in after
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Behavioural: task lists
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestTaskLists:
+
+    def _apply_list(self, block):
+        lines = block.strip().split("\n")
+        html = "<ul>"
+        for l in lines:
+            text = re.sub(r"^ {0,4}[-*+] ", "", l)
+            if re.match(r"\[x\] ", text, re.I):
+                html += f"<li>✅ {_inline_md(text[4:])}</li>"
+            elif text.startswith("[ ] "):
+                html += f"<li>☐ {_inline_md(text[4:])}</li>"
+            else:
+                html += f"<li>{_inline_md(text)}</li>"
+        return html + "</ul>"
+
+    def test_checked_item(self):
+        out = self._apply_list("- [x] done task")
+        assert "✅" in out and "done task" in out
+
+    def test_checked_uppercase_X(self):
+        out = self._apply_list("- [X] also done")
+        assert "✅" in out
+
+    def test_unchecked_item(self):
+        out = self._apply_list("- [ ] pending task")
+        assert "☐" in out and "pending task" in out
+
+    def test_mixed_task_and_normal(self):
+        out = self._apply_list("- [x] done\n- [ ] todo\n- normal")
+        assert "✅" in out and "☐" in out
+        assert "<li>" in out
+
+    def test_task_item_with_bold(self):
+        out = self._apply_list("- [x] **important** task")
+        assert "✅" in out and "<strong>" in out
+
+    def test_non_task_list_unaffected(self):
+        out = self._apply_list("- regular item\n- another item")
+        assert "✅" not in out and "☐" not in out
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Behavioural: strikethrough edge cases
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestStrikethrough:
+
+    def test_basic(self):
+        assert _inline_md("~~text~~") == "<del>text</del>"
+
+    def test_multiword(self):
+        out = _inline_md("~~multiple words here~~")
+        assert "<del>multiple words here</del>" == out
+
+    def test_inside_bold(self):
+        # **~~text~~** — outer bold picks up the raw ~~ which inlineMd then handles
+        # In practice bold runs first in the JS, then ~~ — let's verify the pattern exists
+        out = _inline_md("~~inside strikethrough~~")
+        assert "<del>" in out
+
+    def test_xss_escaped(self):
+        out = _inline_md("~~<b>bad</b>~~")
+        assert "<b>" not in out or "&lt;b&gt;" in out
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Edge-case combinations
+# ─────────────────────────────────────────────────────────────────────────────
+
+class TestEdgeCases:
+
+    def test_empty_string(self):
+        out = _apply_blockquotes("")
+        assert out == ""
+
+    def test_no_blockquote(self):
+        s = "just normal text"
+        assert _apply_blockquotes(s) == s
+
+    def test_crlf_in_blockquote(self):
+        # \r\n should not produce literal \r in output
+        src = "> line one\r\n> line two"
+        # First normalise \r\n (as renderMd does)
+        src = src.replace("\r\n", "\n")
+        out = _apply_blockquotes(src)
+        assert "\r" not in out
+        assert out.count("<blockquote>") == 1
+
+    def test_blockquote_with_code_and_nested(self):
+        src = "> `code`\n>> nested"
+        out = _apply_blockquotes(src)
+        # Outer blockquote wraps everything
+        assert out.count("<blockquote>") >= 2
+
+    def test_deeply_nested_blockquote(self):
+        src = ">>> triple nested"
+        out = _apply_blockquotes(src)
+        assert out.count("<blockquote>") == 3
+
+    def test_task_list_normal_list_mixed(self):
+        src = "> - [x] done\n> - normal item\n> - [ ] todo"
+        out = _apply_blockquotes(src)
+        assert "<blockquote>" in out
+        assert "<ul>" in out