Updated client-side DOM manipulation functions to unescape char-codes before injecting them via innerText instead of raw-dogging it into innerHTML

2025-04-12 07:21:36 -04:00 · 2025-04-12 07:21:36 -04:00 · 4ed4b572f2
commit 4ed4b572f2
parent e46513cc1a
10 changed files with 25 additions and 26 deletions
--- a/www/js/channel/userlist.js
+++ b/www/js/channel/userlist.js
@ -100,7 +100,7 @@ class userList{
        //Create high-level label
        var highLevel = document.createElement('p');
        highLevel.classList.add("user-list-high-level","high-level");
-        highLevel.innerHTML = `${user.highLevel}`;
+        highLevel.textContent = `${user.highLevel}`;

        //Create nameplate
        var userEntry = document.createElement('p');