Closed isovel closed 2 years ago
Replaced all instances of Node.innerHTML with Node.textContent. Node.innerHTML is an unsafe way of setting user generated text, as it allows for arbitrary injection of html tags.
Node.innerHTML
Node.textContent
hmm yeah, was quickly put together so i forgot about this. thanks.
Replaced all instances of
Node.innerHTML
withNode.textContent
.Node.innerHTML
is an unsafe way of setting user generated text, as it allows for arbitrary injection of html tags.