Potential fix for code scanning alert no. 66: DOM text reinterpreted as HTML

phrocker · github-advanced-security[bot] · web-flow · commit 91067d2b4b0e · 2025-12-22T15:31:24.000-05:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
Signed-off-by: Marc &lt;phrocker@apache.org&gt;
diff --git a/api/src/main/resources/templates/sso/ai/services.html b/api/src/main/resources/templates/sso/ai/services.html
@@ -311,14 +311,16 @@ <h6><i class="fas fa-cogs"></i> Affected Services</h6>
                         
                         // Update the status text
                         const formTextDiv = form.querySelector('.form-text');
+                        formTextDiv.textContent = '';
                         if (integrationId) {
-                            formTextDiv.innerHTML = `
-                                Currently using integration ID: <span class="badge bg-info">${integrationId}</span>
-                            `;
+                            const textNode = document.createTextNode('Currently using integration ID: ');
+                            const badgeSpan = document.createElement('span');
+                            badgeSpan.className = 'badge bg-info';
+                            badgeSpan.textContent = integrationId;
+                            formTextDiv.appendChild(textNode);
+                            formTextDiv.appendChild(badgeSpan);
                         } else {
-                            formTextDiv.innerHTML = `
-                                Currently auto-selecting most recent integration
-                            `;
+                            formTextDiv.textContent = 'Currently auto-selecting most recent integration';
                         }
                     } else {
                         statusDiv.innerHTML = `
