Potential fix for code scanning alert no. 1: DOM text reinterpreted as HTML
By AmmarBasha2011
Potential fix for [https://github.com/AmmarBasha2011/INEX-SPA/security/code-scanning/1](https://github.com/AmmarBasha2011/INEX-SPA/security/code-scanning/1)

To fix the issue, we need to ensure that the `error.message` content is properly escaped before being inserted into the DOM. Instead of using `innerHTML`, which interprets the string as HTML, we should use `textContent` to safely insert the text into the DOM. If the newlines in the message need to be preserved, we can create a utility function to escape the text and replace newlines with `<br>` elements in a safe manner.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._
May 24, 2025 at 02:49AM
via GitHub https://ift.tt/yMG8L5e
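The two approaches the description mentions, sketched as an added example that is not part of the pull request or the INEX-SPA code base: the function names `renderErrorMessage`, `escapeHtml` and `errorMessageToHtml` are hypothetical, and the sample message is constructed.

```javascript
// Added example: two ways to display an error message with its line breaks
// preserved without letting the message be parsed as HTML.

// Option 1 (preferred): build DOM nodes. Each line goes in as a text node,
// so the browser never parses it as markup; the only elements created are
// the <br> nodes this code makes itself. `doc` defaults to the page's
// document and is a parameter only so the function can run outside a browser.
function renderErrorMessage(container, message, doc = document) {
  container.textContent = ''; // drop any previous content
  String(message).split(/\r\n|\r|\n/).forEach((line, index) => {
    if (index > 0) container.appendChild(doc.createElement('br'));
    container.appendChild(doc.createTextNode(line));
  });
}

// Option 2: when an HTML string is unavoidable, escape every character that
// is significant in HTML text or attribute context, then join with <br>.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function errorMessageToHtml(message) {
  // Escape each line first; the <br> separators are added afterwards so
  // they are the only markup in the result.
  return String(message).split(/\r\n|\r|\n/).map(escapeHtml).join('<br>');
}

// Constructed sample: an error message that echoes attacker-influenced text.
const SAMPLE_MESSAGE =
  'Route "<img src=x onerror=alert(1)>" not found\nStatus: 404 & retry';

console.log(errorMessageToHtml(SAMPLE_MESSAGE));
```

With Option 2 the result is only safe to assign to `innerHTML` of an element's body; it is not meant for insertion into script blocks, URLs or unquoted attributes.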