Fix alert - DOM text reinterpreted as HTML

frdedynamics / find_the_duck

🐤 A social game. Have you found the duck? Write your name and hide it again for the next person!

https://frdedynamics.github.io/find_the_duck/

ISC License

2 stars 0 forks source link

Closed swampbear closed 2 months ago

swampbear commented 2 months ago

The appendToCardsContainer has a problem where the contents are interpreted as HTML without escaping the metatags.

To solve the issue we need to escape tags before they are placed in innerHTML Tracking issue for: