From 3f7274ebe138a25cbba2eb0c2b71f654a74a3b75 Mon Sep 17 00:00:00 2001
From: agoudbg
Date: Wed, 22 Apr 2026 19:09:33 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 3: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/js/questionnaire.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/js/questionnaire.js b/src/js/questionnaire.js
index d1ba3e3..95cbf1e 100644
--- a/src/js/questionnaire.js
+++ b/src/js/questionnaire.js
@@ -2,11 +2,11 @@
 $("[data-must-answer=true] input[data-type=text], [data-must-answer=true] textarea").on("input", function (e) {
 var $this = $(this);
 if ($this.val() == "" && $this.html() == "") {
- $this.parents(".question").find(".dTip").html(questionnaireI18n.must_input);
+ $this.parents(".question").find(".dTip").text(questionnaireI18n.must_input);
 quesAnswerList[$this.parents(".question").attr("data-qid")] = false;
 }
 else {
- $this.parents(".question").find(".dTip").html("");
+ $this.parents(".question").find(".dTip").text("");
 quesAnswerList[$this.parents(".question").attr("data-qid")] = true;
 }
 })
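Review bot: Switching `.dTip` from `.html()` to `.text()` means any markup or HTML entity inside a `questionnaireI18n` string is now shown literally, and nothing in the patch states that these strings are plain text. The same holds for the `.text()` calls in the second hunk and in `submitQue()`. The translation strings should be checked for tags or entities such as `&nbsp;` before merging, and the contract recorded beside the handler, for example `// questionnaireI18n.* are plain-text strings; always render them with .text()`. In this hunk the sink only receives the i18n constant, so the DOM-derived flow the alert refers to is presumably the `data-num-limit` value in the next hunk.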
@@ -14,19 +14,19 @@ $("[data-must-answer=true] input[data-type=text], [data-must-answer=true] textar
 $("[data-must-answer=true] .input input").on("change", function (e) {
 var $this = $(this);
 if ($this.parents(".questionAnswers").find("input:checked").length == 0) {
- $this.parents(".question").find(".dTip").html(questionnaireI18n.must_input);
+ $this.parents(".question").find(".dTip").text(questionnaireI18n.must_input);
 quesAnswerList[$this.parents(".question").attr("data-qid")] = false;
 }
 else if ($this.parents(".question").attr("data-num-limit") && $this.parents(".questionAnswers").find("input:checked").length < Number($this.parents(".question").attr("data-num-limit").split(",")[0])) {
- $this.parents(".question").find(".dTip").html(questionnaireI18n.select_min_limit.replace(/{n}/g, $this.parents(".question").attr("data-num-limit").split(",")[0]));
+ $this.parents(".question").find(".dTip").text(questionnaireI18n.select_min_limit.replace(/{n}/g, $this.parents(".question").attr("data-num-limit").split(",")[0]));
 quesAnswerList[$this.parents(".question").attr("data-qid")] = false;
 }
 else if ($this.parents(".question").attr("data-num-limit") && $this.parents(".questionAnswers").find("input:checked").length > Number($this.parents(".question").attr("data-num-limit").split(",")[1])) {
- $this.parents(".question").find(".dTip").html(questionnaireI18n.select_max_limit.replace(/{n}/g, $this.parents(".question").attr("data-num-limit").split(",")[1]));
+ $this.parents(".question").find(".dTip").text(questionnaireI18n.select_max_limit.replace(/{n}/g, $this.parents(".question").attr("data-num-limit").split(",")[1]));
 quesAnswerList[$this.parents(".question").attr("data-qid")] = false;
 }
 else {
- $this.parents(".question").find(".dTip").html("");
+ $this.parents(".question").find(".dTip").text("");
 quesAnswerList[$this.parents(".question").attr("data-qid")] = true;
 }
 })
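Review bot: The value substituted for `{n}` in the two `select_*_limit` branches is still the raw `data-num-limit` attribute text, passed to `replace` as a replacement string. `.text()` stops it being parsed as HTML, but `$`-sequences such as `$&` in the attribute are still expanded by `String.prototype.replace`, and a non-numeric value is displayed as-is even though the comparison above uses `Number(...)`. Parsing once and substituting through a function keeps the displayed and compared values identical: `var min = Number($this.parents(".question").attr("data-num-limit").split(",")[0]);` followed by `.text(questionnaireI18n.select_min_limit.replace(/{n}/g, function () { return min; }))`, and likewise with index `[1]` for the max branch.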
@@ -54,7 +54,7 @@ function submitQue() {
 });
 if (quesAnswerList.indexOf(false) != -1) {
 window.location.href = "#q_" + quesAnswerList.indexOf(false);
- $(`#q_${quesAnswerList.indexOf(false)}`).find(".dTip:empty").html(questionnaireI18n.must_input);
+ $(`#q_${quesAnswerList.indexOf(false)}`).find(".dTip:empty").text(questionnaireI18n.must_input);
 $(`#q_${quesAnswerList.indexOf(false)}`).attr("data-mention", "true");
 setTimeout(() => {
 $(`#q_${quesAnswerList.indexOf(false)}`).attr("data-mention", "false");