Stop using the dangerously unescaped 'innerHTML' for <option>

contents; use document.createTextNode like I do everywhere else.

[originally from svn r9787]

diff --git a/emcclib.js b/emcclib.js
index 51c8f93bb94d95cb45fa21426310ed9ff84010d6..cc6df284ecdd7ca0af9aa488bf117ff026675b2e 100644 (file)
--- a/emcclib.js
+++ b/emcclib.js
@@ -64,8 +64,8 @@ mergeInto(LibraryManager.library, {
      */
     js_add_preset: function(ptr) {
         var option = document.createElement("option");
-        option.value = Pointer_stringify(ptr);
-        option.innerHTML = Pointer_stringify(ptr);
+        option.value = gametypeoptions.length;
+        option.appendChild(document.createTextNode(Pointer_stringify(ptr)));
         gametypeselector.appendChild(option);
         gametypeoptions.push(option);
     },
@@ -77,14 +77,12 @@ mergeInto(LibraryManager.library, {
      * dropdown.
      */
     js_get_selected_preset: function() {
-        var val = 0;
         for (var i in gametypeoptions) {
             if (gametypeoptions[i].selected) {
-                val = i;
-                break;
+                return gametypeoptions[i].value;
             }
         }
-        return val;
+        return 0;
     },
 
     /*
@@ -592,8 +590,8 @@ mergeInto(LibraryManager.library, {
         var options = [];
         for (var i in items) {
             var option = document.createElement("option");
-            option.value = items[i];
-            option.innerHTML = items[i];
+            option.value = i;
+            option.appendChild(document.createTextNode(items[i]));
             if (i == initvalue) option.selected = true;
             dropdown.appendChild(option);
             options.push(option);
@@ -605,7 +603,7 @@ mergeInto(LibraryManager.library, {
             var val = 0;
             for (var i in options) {
                 if (options[i].selected) {
-                    val = i;
+                    val = options[i].value;
                     break;
                 }
             }