From 45981f51dcd31477812a12ea98a85f9ef678c352 Mon Sep 17 00:00:00 2001
From: Denys Fedotov
Date: Wed, 29 May 2024 17:48:04 -0600
Subject: [PATCH] Removed DOMXSS vulnerability noticed by Kodiak
---
 libs/features/personalization/preview.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 28caab1d2df..d13d5c6aec2 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -254,10 +254,18 @@ function createPreviewPill(manifests) {
-
-
- Preview
 `;
+
+ const darkDiv = document.createElement('div')
+ const button = document.createElement('a')
+ darkDiv.className = 'dark'
+ button.className = 'con-button outline button-l'
+ button.title = 'Preview above choices'
+ button.text = 'Preview'
+ button.href = simulateHref.href
+ darkDiv.append(button)
+ div.append(darkDiv)
+
 overlay.append(div);
 addPillEventListeners(div);
 }
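Review bot: Only the Preview link moves off string-built HTML here; the template literal whose closing backtick is kept as context just above the new lines still builds the rest of the pill, and it starts outside this hunk, so any manifest- or URL-derived value interpolated there (presumably into `innerHTML`) should get the same `createElement`/`textContent` treatment or be escaped. On the new link, `button.href = simulateHref.href` stops attribute breakout but does not constrain the scheme, so unless `simulateHref` is always a `URL` derived from the page's own location (its construction is not visible here), guard the assignment with `if (['http:', 'https:'].includes(simulateHref.protocol)) button.href = simulateHref.href;`. The added statements also omit the trailing semicolons that the neighbouring `overlay.append(div);` and `addPillEventListeners(div);` lines use. createPreviewPill begins outside the hunk.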