codeql text/html injection in food.js

Author: bewest

lib/food/food.js

@@ -248,7 +248,7 @@ client.init(function loaded () {
           .append($('<span>').addClass('width50px').css('text-align','center').text(foodlist[i].unit))
           .append($('<span>').addClass('width100px').css('text-align','center').append(foodlist[i].carbs))
           .append($('<span>').addClass('width100px').css('text-align','center').append(foodlist[i].gi))
-          .append($('<span>').addClass('width150px').append(foodlist[i].category))
+          .append($('<span>').addClass('width150px').text(foodlist[i].category))
           .append($('<span>').addClass('width150px').text(foodlist[i].subcategory))
           .append($('<span>').addClass('width100px').append(foodlist[i].fat))
           .append($('<span>').addClass('width100px').append(foodlist[i].protein))