From a2c6b4e4a1e54e704eb071db74b341a91c4dddfe Mon Sep 17 00:00:00 2001
From: Eric Passmore <eric.passmore@gmail.com>
Date: Wed, 30 Oct 2024 16:47:21 -0700
Subject: [PATCH] sanatize strings displayed in control page

---
 webcontent/control.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webcontent/control.html b/webcontent/control.html
index de7c93f..85c6198 100644
--- a/webcontent/control.html
+++ b/webcontent/control.html
@@ -75,14 +75,14 @@ <h3 id="control-meta-data-file">Control</h3>
     // Select the <h3> child of the div with id="error-message"
     const errorMessageH3 = document.querySelector("#error-message h3");
     if (errorMessageH3) {
-      errorMessageH3.innerHTML = error;
+      errorMessageH3.textContent = error.replace(/[&<>'";]/g, '');
       document.getElementById("error-message").style.display = "block";
     }
   } else if (success) {
     // Select the <h3> child of the div with id="success-message"
     const successMessageH3 = document.querySelector("#success-message h3");
     if (successMessageH3) {
-      successMessageH3.innerHTML = success;
+      successMessageH3.textContent = success.replace(/[&<>'";]/g, '');;
       document.getElementById("success-message").style.display = "block";
     }
   }