Updated client-side DOM manipulation functions to unescape char-codes before injecting them via innerText instead of raw-dogging it into innerHTML

www/js/channelSettings.js

@@ -114,7 +114,7 @@ class rankList{
                     //Create an option for the given rank
                     const rankOption = document.createElement('option');
                     rankOption.value = rank;
-                    rankOption.innerHTML = rank;
+                    rankOption.textContent = utils.unescapeEntities(rank);
                     rankOption.selected = user.rank == rank;
                     rankContent.appendChild(rankOption);
                 });
@@ -343,7 +343,7 @@ class tokeCommandList{
 
         //Create toke command label
         const tokeLabel = document.createElement('p');
-        tokeLabel.innerHTML = `!${toke}`;
+        tokeLabel.textContent = utils.unescapeEntities(`!${toke}`);
         tokeLabel.classList.add('toke-command-list');
 
         //Create toke command delete icon
@@ -453,7 +453,7 @@ class emoteList{
             //Set title class
             emoteTitle.classList.add('emote-list-title');
             //Set emote title
-            emoteTitle.innerHTML = `[${emote.name}]`;
+            emoteTitle.textContent = utils.unescapeEntities(`[${emote.name}]`);
             
             //Create delete icon
             const deleteIcon = document.createElement('i');
@@ -504,7 +504,7 @@ class deleteAccountPopup{
         this.label = document.querySelector("#delete-channel-popup-content");
 
         //Fill channel label
-        this.label.innerHTML = this.label.innerHTML.replaceAll("[CHANNEL]", this.channel);
+        this.label.textContent = this.label.textContent.replaceAll("[CHANNEL]", utils.unescapeEntities(this.channel));
 
         this.setupInput();
     }