From bb0ac9f4217d18c66070a74bddea26c92a9961c7 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Fri, 5 Dec 2025 05:09:42 -0500
Subject: [PATCH] release(v2.3.4): fix(admin): use textContent for footer preview to satisfy CodeQL
---
 CHANGELOG.md | 4 ++++
 public/js/adminPanel.js | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9e57cd..2d9dac0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## Changes 12/5/2025 (v2.3.4)
+
+release(v2.3.4): fix(admin): use textContent for footer preview to satisfy CodeQL
+
 ## Changes 12/5/2025 (v2.3.3)
 release(v2.3.3): footer branding, Pro bundle UX + file list polish
diff --git a/public/js/adminPanel.js b/public/js/adminPanel.js
index fdf9cc7..1a9f73d 100644
--- a/public/js/adminPanel.js
+++ b/public/js/adminPanel.js
@@ -117,12 +117,12 @@ function applyFooterFromAdmin() {
 const val = (document.getElementById('brandingFooterHtml')?.value || '').trim();
 if (val) {
- // Allow HTML here – rely on backend sanitizing what gets stored.
- footerEl.innerHTML = val;
+ // Show raw text in the live preview; HTML will be rendered on real page load
+ footerEl.textContent = val;
 } else {
 const year = new Date().getFullYear();
 footerEl.innerHTML =
- `© ${year} FileRise`;
+ `© ${year} FileRise`;
 }
 } catch (e) {
 console.warn('Failed to live-update footer from admin panel', e);
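Review bot: The new comment above `footerEl.textContent = val;` says the HTML "will be rendered on real page load", so this change removes the HTML sink from the live preview only; the stored `brandingFooterHtml` value still reaches an HTML sink elsewhere, and the removed comment was the one place that recorded the reliance on backend sanitizing. That render path is not visible in this hunk, so it should be confirmed that it only ever inserts the server-sanitized copy; otherwise the CodeQL alert is cleared here while any stored-XSS exposure stays where it was. I would keep the dependency documented on this line, e.g. `// Preview as plain text; the page-load renderer inserts this value as HTML and must only receive the server-sanitized copy.` The remaining `footerEl.innerHTML =` in the else branch interpolates only `year` from `new Date()`, so it is not attacker-influenced, but assigning it through `textContent` too (provided the string holds no entities or markup) would leave no HTML sink in the visible part of the function. `applyFooterFromAdmin` starts and ends outside the hunk.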