From 0053e7d900e88aad81313bd2fbd87982a5d5c8c0 Mon Sep 17 00:00:00 2001
From: Eduard Ursu <eduardursu78@gmail.com>
Date: Thu, 22 Jan 2026 10:27:27 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 4: DOM text
 reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/js/components/blacklistManager.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/js/components/blacklistManager.js b/src/js/components/blacklistManager.js
index a1ca810..a81df34 100644
--- a/src/js/components/blacklistManager.js
+++ b/src/js/components/blacklistManager.js
@@ -11,7 +11,16 @@ export class ItemManager {
 		if (val.length > 2) {
 			const div = document.createElement('div')
 			const id = this.generateID()
-			div.innerHTML = `<input type="checkbox" name="tbch" id="${id}"><label class="chk" for="${id}">${val}</label>`
+			const checkbox = document.createElement('input')
+			checkbox.type = 'checkbox'
+			checkbox.name = 'tbch'
+			checkbox.id = id
+			const label = document.createElement('label')
+			label.className = 'chk'
+			label.setAttribute('for', id)
+			label.textContent = val
+			div.appendChild(checkbox)
+			div.appendChild(label)
 			document.getElementById(this.containerId).prepend(div)
 		}
 	}