Thread:CzechOut/@comment-1877307-20200520191418/@comment-188432-20200520192807

Hi there ;)

I'm sorry I haven't gotten back to you more promptly. All I'm really asking — since  is being injected into innerHTML — is whether its value should be escaped/sanitised/strictly turned into text — just so that no dangerous or XSS-susceptible content gets passed on.