diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9e57cd..2d9dac0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## Changes 12/5/2025 (v2.3.4)
+
+release(v2.3.4): fix(admin): use textContent for footer preview to satisfy CodeQL
+
 ## Changes 12/5/2025 (v2.3.3)
 release(v2.3.3): footer branding, Pro bundle UX + file list polish
diff --git a/public/js/adminPanel.js b/public/js/adminPanel.js
index fdf9cc7..1a9f73d 100644
--- a/public/js/adminPanel.js
+++ b/public/js/adminPanel.js
@@ -117,12 +117,12 @@ function applyFooterFromAdmin() {
 const val = (document.getElementById('brandingFooterHtml')?.value || '').trim();
 if (val) {
- // Allow HTML here – rely on backend sanitizing what gets stored.
- footerEl.innerHTML = val;
+ // Show raw text in the live preview; HTML will be rendered on real page load
+ footerEl.textContent = val;
 } else {
 const year = new Date().getFullYear();
 footerEl.innerHTML =
- `© ${year} FileRise`;
+ `© ${year} FileRise`;
 }
 } catch (e) {
 console.warn('Failed to live-update footer from admin panel', e);
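Review bot: The replacement comment above `footerEl.textContent = val;` drops the trust assumption the removed comment recorded: the old text said the stored footer HTML relies on backend sanitizing, while the new one only says the HTML is rendered on real page load. Switching the preview to `textContent` closes the sink in this function, but the same value is still rendered as markup on page load, and neither that renderer nor the sanitizer is visible in this diff. I would keep the assumption written down, e.g. `// Preview shows the raw text only; the saved value is rendered as HTML on page load, so it must be sanitized server-side before it is stored.` The `else` branch still assigns a template literal to `innerHTML`; only `year` from `new Date().getFullYear()` is interpolated, so it looks safe as shown, but a one-line comment saying the template is static would stop a later edit from adding user data to it. applyFooterFromAdmin starts and ends outside the hunk.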