From bd8b53cd6046cef9802d593d8257392d81afb5ce Mon Sep 17 00:00:00 2001 From: Osmium Sorcerer Date: Wed, 3 Jun 2026 11:08:07 +0000 Subject: Eliminate innerHTML manipulation Construct DOM nodes directly instead of trying to sanitize every input string and dynamically updating HTML. Replace all uses of innerHTML with textContent, replaceChildren, and appendChild. This removes the need to use safeTags and replace newlines, but now requires preserving whitespace via CSS pre-wrap. Every OOC chat line is now placed into its own element instead of simply being appended to the log. This might be worse, and createTextNode is another alternative. --- webAO/client/fetchLists.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'webAO/client/fetchLists.ts') diff --git a/webAO/client/fetchLists.ts b/webAO/client/fetchLists.ts index 4e32abc9..710bc0e1 100644 --- a/webAO/client/fetchLists.ts +++ b/webAO/client/fetchLists.ts @@ -9,7 +9,7 @@ export const fetchBackgroundList = async () => { // the try catch will fail before here when there is no file const bg_select = document.getElementById("bg_select"); - bg_select.innerHTML = ""; + bg_select.replaceChildren(); bg_select.add(new Option("Custom", "0")); bg_array.forEach((background: string) => { @@ -24,7 +24,7 @@ export const fetchCharacterList = async () => { const char_select = ( document.getElementById("client_iniselect") ); - char_select.innerHTML = ""; + char_select.replaceChildren(); char_select.add(new Option("Custom", "0")); @@ -43,7 +43,7 @@ export const fetchCharacterList = async () => { export const fetchEvidenceList = async () => { const evi_select = document.getElementById("evi_select"); - evi_select.innerHTML = ""; + evi_select.replaceChildren(); evi_select.add(new Option("Custom", "0")); -- cgit