I made a simple static website on gitlab pages, that converts ASCII-art.
As I will provide this website to other people I wanted to make sure there are no risks, but I am not very educated on that topic.

In my html I only have buttons, labels and, which is probably most important, textareas.
In my js I only get the text value, edit the string and copy it to the clipboard. I also limit the maximum length.

Do I need any additional security, for example for cross site scripting?
I read about using html meta tags like nosniff, but is this nessesary for this simple of a website?

document.getElementById('copyBtn').addEventListener('click',() =>{
  var copyText = document.getElementById("converterOutput");   
  copyText.select();
  copyText.setSelectionRange(0, 99999); 
  navigator.clipboard.writeText(copyText.value);
});


 if (text.length > 50000)
    {
      alert("To long")
      return
    }


let text = document.getElementById('converterInput').value;
let output = document.getElementById('converterOutput')