From 922e9d3d41ac3649a6fcbb026e5c79c2af1030d6 Mon Sep 17 00:00:00 2001
From: ashboundscar <scar17off2@gmail.com>
Date: Fri, 22 May 2026 00:51:07 +0300
Subject: [PATCH] Fixed XSS in chat rank display

---
 frontend/static/yw/javascript/chat.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/static/yw/javascript/chat.js b/frontend/static/yw/javascript/chat.js
index c179e73..0418a5b 100644
--- a/frontend/static/yw/javascript/chat.js
+++ b/frontend/static/yw/javascript/chat.js
@@ -823,7 +823,7 @@ function buildChatElement(field, id, type, nickname, message, realUsername, op,
 	if(hasTagDom) {
 		tagDom = document.createElement("span");
 		if(dataObj.rankName) {
-			tagDom.innerHTML = "(" + dataObj.rankName + ")";
+			tagDom.textContent = "(" + dataObj.rankName + ")";
 			tagDom.style.color = dataObj.rankColor;
 			tagDom.style.fontWeight = "bold";
 			nickTitle.push(dataObj.rankName);