diff --git a/public/js/authModals.js b/public/js/authModals.js
index d7067a3..4b7d4aa 100644
--- a/public/js/authModals.js
+++ b/public/js/authModals.js
@@ -348,6 +348,7 @@ export async function openUserPanel() {
       const f = this.files[0];
       if (!f) return;
       // preview immediately
+      // #nosec
       img.src = URL.createObjectURL(f);
       const blobUrl = URL.createObjectURL(f);
       // use setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts