From 074621be54ad35c2fd8ece924d51f16f7104db0a Mon Sep 17 00:00:00 2001
From: Adam Warner <me@adamwarner.co.uk>
Date: Sun, 11 Apr 2021 20:04:34 +0100
Subject: [PATCH] use textContent instead ot innerHTML to prevent possible xss
 attack

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
---
 scripts/pi-hole/js/utils.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/pi-hole/js/utils.js b/scripts/pi-hole/js/utils.js
index 73e38258..468fb441 100644
--- a/scripts/pi-hole/js/utils.js
+++ b/scripts/pi-hole/js/utils.js
@@ -270,8 +270,8 @@ function addFromQueryLog(domain, list) {
 
   var listtype = list === "white" ? "Whitelist" : "Blacklist";
 
-  alProcessing.children(alDomain).html(domain);
-  alProcessing.children(alList).html(listtype);
+  alProcessing.children(alDomain).text(domain);
+  alProcessing.children(alList).text(listtype);
   alertModal.modal("show");
 
   // add Domain to List after Modal has faded in
@@ -298,8 +298,8 @@ function addFromQueryLog(domain, list) {
           }, 10000);
         } else {
           // Success
-          alSuccess.children(alDomain).html(domain);
-          alSuccess.children(alList).html(listtype);
+          alSuccess.children(alDomain).text(domain);
+          alSuccess.children(alList).text(listtype);
           alSuccess.fadeIn(1000);
           setTimeout(function () {
             alertModal.modal("hide");