setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts

2025-05-14 07:00:04 -04:00
parent 87368143b5
commit 1add160f5d
2 changed files with 5 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -99,6 +99,8 @@
 - **Strip trailing colons** from the stored URL (`rtrim($parts[3], ':')`) so we never send `…png:` back to the client.
 - Returns an array with both `'username'` and `'profile_picture'`, matching what `getCurrentUser.php` needs.

+### 10. setAttribute + encodeURI to avoid “DOM text reinterpreted as HTML” alerts
+
 ---

 ## Changes 5/8/2025