fix a js/xss-through-dom problem detected by CodeQL

gfx · gfx · commit da0b37c42c9f · 2021-02-28T11:22:58.000+09:00
diff --git a/example/fetch-example.html b/example/fetch-example.html
@@ -48,11 +48,13 @@ <h1>Fetch API example</h1>
         }
       })()
     </script>
+    <pre><code id="source"></code></pre>
     <script>
       const script = document.getElementById("script");
-      document.write("<pre><code>");
-      document.write(script.innerText.replace(/^ {6}/gms, ""));
-      document.write("</code><pre>");
+      const source = document.getElementById("source");
+      source.appendChild(
+        document.createTextNode(
+          script.innerText.replace(/^ {6}/gms, "")));
     </script>
   </main>
 </body>
