Updated client-side DOM manipulation functions to unescape char-codes before injecting them via innerText instead of raw-dogging it into innerHTML

www/js/channel/chat.js

@@ -109,7 +109,7 @@ class chatBox{
         //Create high-level label
         var highLevel = document.createElement('p');
         highLevel.classList.add("chat-panel-buffer","chat-entry-high-level","high-level");
-        highLevel.innerHTML = `${data.highLevel}`;
+        highLevel.textContent = utils.unescapeEntities(`${data.highLevel}`);
         chatEntry.appendChild(highLevel);
 
         //Create username label
@@ -125,8 +125,8 @@ class chatBox{
         //Create color span
         var colorSpan = document.createElement('span');
         colorSpan.classList.add("chat-entry-flair-span", flair);
-        colorSpan.innerHTML = `${data.user}`;
-        userLabel.innerHTML = `${colorSpan.outerHTML}: `;
+        colorSpan.textContent = utils.unescapeEntities(`${data.user}`);
+        userLabel.textContent = utils.unescapeEntities(`${colorSpan.outerHTML}: `);
 
         chatEntry.appendChild(userLabel);
 
@@ -277,7 +277,7 @@ class chatBox{
             var flairOption = document.createElement('option');
             //Set the name and innerHTML
             flairOption.value = flair.name;
-            flairOption.innerHTML = flair.displayName;
+            flairOption.textContent = utils.unescapeEntities(flair.displayName);
 
             //Append it to the select
             this.flairSelect.appendChild(flairOption);