From 3b983f12ce526c825a13053673cb3d0426ebdf74 Mon Sep 17 00:00:00 2001
From: Quentin Legot <legotquentin@gmail.com>
Date: Thu, 1 Jul 2021 20:54:10 +0200
Subject: [PATCH] fix possible xss exploit with innerHTML

---
 src/client/assets/js/index.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/client/assets/js/index.js b/src/client/assets/js/index.js
index 8e07644..430c637 100644
--- a/src/client/assets/js/index.js
+++ b/src/client/assets/js/index.js
@@ -21,9 +21,9 @@ document.body.onload = () => {
     minMem.max = totalMem
     maxMem.max = totalMem
     minMem.value = localStorage.getItem("minMem") != null ? localStorage.getItem("minMem") : 1024 
-    outputMinMem.innerHTML = minMem.value
+    outputMinMem.textContent = minMem.value
     maxMem.value = localStorage.getItem("maxMem") != null ? localStorage.getItem("maxMem") : 2048
-    outputMaxMem.innerHTML = maxMem.value
+    outputMaxMem.textContent = maxMem.value
     demandModsInformations()
 }
 
@@ -134,10 +134,10 @@ disconnectBtn.addEventListener('click', e => {
     ipcRenderer.send('disconnect')
 })
 
-minMem.addEventListener("input", (e) => {
-    outputMinMem.innerHTML = e.target.value
+minMem.addEventListener("input", e => {
+    outputMinMem.textContent = e.target.value
 })
 
-maxMem.addEventListener("input", (e) => {
-    outputMaxMem.innerHTML = e.target.value
+maxMem.addEventListener("input", e => {
+    outputMaxMem.textContent = e.target.value
 })
\ No newline at end of file