From ff52cd23db9852bc73f28db04d4758d05bbef96f Mon Sep 17 00:00:00 2001
From: Cory Caywood
Date: Tue, 2 Feb 2021 11:35:32 +0900
Subject: [PATCH] security: (sample) Resolve XSS issue in external webview page
---
js-miniapp-sample/external-webview/index.html | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/js-miniapp-sample/external-webview/index.html b/js-miniapp-sample/external-webview/index.html
index 7eb7bfaa6..54d02c033 100644
--- a/js-miniapp-sample/external-webview/index.html
+++ b/js-miniapp-sample/external-webview/index.html
@@ -101,7 +101,9 @@

Return To Mini App

const passedParams = window.location.search // This page is loaded via a query parameter so we must remove the section which isn't relevant .replace(/^[?](.*?)[?]/, '?'); - document.getElementById('PassedParams').innerHTML = passedParams || 'None'; + const text = document.createElement('span'); + text.innerText = passedParams || 'None'; + document.getElementById('PassedParams').appendChild(text); // Set return URL and params const returnInput = document.getElementById('ReturnInput');
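Review bot: The three added lines can be a single assignment to `textContent` on the existing element, `document.getElementById('PassedParams').textContent = passedParams || 'None';`, which closes the same `innerHTML` sink without the extra `span`. Unlike the removed `innerHTML` assignment, `appendChild` adds to whatever `PassedParams` already holds instead of replacing it, and the `innerText` setter turns line breaks into `<br>` elements; `textContent` has neither behaviour. `passedParams` is taken directly from `window.location.search`, so the code that sets the return URL after this hunk (not visible here) should be checked in case the same value reaches `href`, `location` or another HTML or URL sink without validation.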