fix(setup): use safer `text` method instead of html to prevent possible XSS

see also https://api.jquery.com/html/ under "Additional Notes": "Do not use these methods to insert strings obtained from untrusted sources such as URL query parameters, cookies, or form inputs. Doing so can introduce cross-site-scripting (XSS) vulnerabilities. Remove or escape any user input before adding content to the document. " fixes #1072
2025-01-29 10:07:40 +07:00 · 2025-01-29 10:07:40 +07:00 · c9c8ee5556
parent ed33b72f57
commit c9c8ee5556
1 changed files with 1 additions and 1 deletions
--- a/src/public/app/setup.ts
+++ b/src/public/app/setup.ts
@ -110,7 +110,7 @@ async function checkOutstandingSyncs() {
 }
 function showAlert(message: string) {
-    $("#alert").html(message);
+    $("#alert").text(message);
    $("#alert").show();
 }