Updated client-side DOM manipulation functions to unescape char-codes before injecting them via innerText instead of raw-dogging it into innerHTML

2025-04-12 07:21:36 -04:00 · 2025-04-12 07:21:36 -04:00 · 4ed4b572f2
commit 4ed4b572f2
parent e46513cc1a
10 changed files with 25 additions and 26 deletions
--- a/www/js/utils.js
+++ b/www/js/utils.js
@ -330,7 +330,7 @@ class canopyUXUtils{

            //Create menu title
            const menuTitle = document.createElement('h2');
-            menuTitle.innerHTML = this.title;
+            menuTitle.textContent = utils.unescapeEntities(this.title);

            //Append the title to the tooltip
            this.tooltip.append(menuTitle);
@ -338,7 +338,7 @@ class canopyUXUtils{
            for(let choice of this.menuMap){
                //Create button
                const button = document.createElement('button');
-                button.innerHTML = choice[0];
+                button.textContent = utils.unescapeEntities(choice[0]);

                //Add event listeners
                button.addEventListener('click', choice[1]);