Avoid adding unescaped textContent to innerHTML

Abhiek187 · Feb 20, 2022 · 6b70f83 · 6b70f83
1 parent 8acc626
commit 6b70f83
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/stockhelper/stockapp/static/stockapp/js/detail.js b/stockhelper/stockapp/static/stockapp/js/detail.js
@@ -102,10 +102,10 @@ const showToastMessage = (isError, message) => {
 
 // Make the change text green or red depending on its sign
 if (parseFloat(changeDom.textContent) < 0) {
-    changeDom.innerHTML = `&#x25bc; ${changeDom.textContent}`;
+    changeDom.innerHTML = `▼ ${changeDom.innerHTML}`;
     changeDom.classList.add("text-danger");
 } else {
-    changeDom.innerHTML = `&#x25b2; ${changeDom.textContent}`;
+    changeDom.innerHTML = `▲ ${changeDom.innerHTML}`;
     changeDom.classList.add("text-success");
 }
 

diff --git a/stockhelper/stockapp/static/stockapp/js/portfolio.js b/stockhelper/stockapp/static/stockapp/js/portfolio.js
@@ -58,10 +58,10 @@ const getPriceAndChange = async () => {
 
                 // Make the change text green or red depending on its sign
                 if (change < 0) {
-                    stockChange.innerHTML = `&#x25bc; ${-change}`;
+                    stockChange.innerHTML = `▼ ${-change}`;
                     stockChange.classList.add("text-danger");
                 } else {
-                    stockChange.innerHTML = `&#x25b2; ${change}`;
+                    stockChange.innerHTML = `▲ ${change}`;
                     stockChange.classList.add("text-success");
                 }
             }
@@ -86,7 +86,7 @@ const getPriceAndChange = async () => {
 
         // Show how much the net worth has changed (25b2 for up arrow and 25bc for down arrow)
         netWorthDom.classList.add("text-success");
-        netWorthDom.innerHTML += ` &#x25b2; ${toMoney(netWorthChange)}`;
+        netWorthDom.innerHTML += ` ▲ ${toMoney(netWorthChange)}`;
     } else if (netWorthChange < 0) {
         portfolioStatus.textContent =
             "Right now, you have a net loss. Consider selling stocks " +
@@ -95,7 +95,7 @@ const getPriceAndChange = async () => {
         roiAlert.classList.add("alert-danger");
 
         netWorthDom.classList.add("text-danger");
-        netWorthDom.innerHTML += ` &#x25bc; ${toMoney(-netWorthChange)}`;
+        netWorthDom.innerHTML += ` ▼ ${toMoney(-netWorthChange)}`;
     }
 };
 

diff --git a/stockhelper/stockapp/templates/stockapp/index.html b/stockhelper/stockapp/templates/stockapp/index.html
@@ -84,7 +84,7 @@ <h1 class="home-title mt-3 mx-3">Welcome to How to Stock!</h1>
             <a tabindex="0" href="javascript:" class="equity help fw-bold" data-bs-toggle="popover"
                 data-bs-trigger="focus" data-bs-container="body" data-bs-placement="top" title="{{ terms.equity.word }}"
                 data-bs-content="{{ terms.equity.definition }}"> equity </a>
-            to gain a profit. &#x25b2;
+            to gain a profit. ▲
         </p>
         <p class="home-subtitle mb-4 mx-3 fs-5">
             As you explore this app, you'll learn more about various financial terms and get first-hand experience at