From 81f0b40d429d60e5eb977772d61f4aef49cff34e Mon Sep 17 00:00:00 2001
From: Yannick Charton
Date: Thu, 21 Sep 2023 10:48:56 +0200
Subject: [PATCH] Update tablesort.js - security fix To fix DOM text is reinterpreted as HTML without escaping meta-characters. (CodeQL)
---
 share/js/tablesort.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/share/js/tablesort.js b/share/js/tablesort.js
index f87d90e..82bf8ba 100644
--- a/share/js/tablesort.js
+++ b/share/js/tablesort.js
@@ -226,7 +226,7 @@ fdTableSort = {
 aclone = a.cloneNode(true);
 //aclone.appendChild(document.createTextNode(thtext));
- aclone.innerHTML = thtext;
+ aclone.innerText = thtext;
 aclone.title = "Sort on \u201c" + thtext.replace('
', '') + "\u201d";
 aclone.onclick = aclone.onkeydown = workArr[c][i].onclick = fdTableSort.initWrapper;
 workArr[c][i].appendChild(aclone);
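Review bot: `aclone.innerText = thtext;` closes the HTML sink, but `textContent` is the more predictable property for this assignment: setting `innerText` converts line breaks in the string into `<br>` elements, while `aclone.textContent = thtext;` inserts the string verbatim, as the commented-out `createTextNode` call on the line above would. This is also a visible behaviour change: any markup that `thtext` carried was rendered by the old `innerHTML` assignment and will now appear as literal characters in the header link, so it is worth confirming how `thtext` is built, which happens outside this hunk. The `replace` call on the following `aclone.title` line is split across two lines on this page, so what it strips from `thtext` cannot be read here. I would also replace the dead comment with a short why-comment such as `// thtext is DOM-derived text: assign as text, never as HTML`.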