Fix alert - DOM text reinterpreted as HTML

frdedynamics / find_the_duck

🐤 A social game. Have you found the duck? Write your name and hide it again for the next person!

https://frdedynamics.github.io/find_the_duck/

ISC License

1 stars 1 forks source link

Closed swampbear closed 1 week ago

swampbear commented 1 week ago

The appendToCardsContainer has a problem where the contents are interpreted as HTML without escaping the metatags.

To solve the issue we need to escape tags before they are placed in innerHTML Tracking issue for: