Use proper method for manipulating text

`innerText` is too powerful for the job here, use a more
restricted/secure way to manipulate text.

Related: #17211.
PR #17212.

src/webui/www/private/scripts/download.js

@@ -106,7 +106,7 @@ window.qBittorrent.Download = (function() {
         }
         else {
             item.nextElementSibling.hidden = true;
-            const text = item.options[item.selectedIndex].innerHTML;
+            const text = item.options[item.selectedIndex].textContent;
             item.nextElementSibling.value = text;
 
             if ($('autoTMM').selectedIndex == 1) {

src/webui/www/private/views/preferences.html

@@ -1374,7 +1374,7 @@
             }
             else {
                 item.nextElementSibling.hidden = true;
-                const text = item.options[item.selectedIndex].innerHTML;
+                const text = item.options[item.selectedIndex].textContent;
                 item.nextElementSibling.value = text;
             }
         };
@@ -1397,7 +1397,7 @@
             $('cb_watch_' + pos).setProperty('value', sel);
             if (disableInput) {
                 const elt = $('cb_watch_' + pos);
-                other = elt.options[elt.selectedIndex].innerHTML;
+                other = elt.options[elt.selectedIndex].textContent;
             }
             $('cb_watch_txt_' + pos).setProperty('value', other);
 

src/webui/www/private/views/rssDownloader.html

@@ -682,7 +682,7 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
                 $('savetoDifferentDir').checked = false;
                 $('saveToText').value = '';
                 $('ignoreDaysValue').value = 0;
-                $('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
+                $('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
                 $('addPausedCombobox').value = 'default';
                 $('contentLayoutCombobox').value = 'Default';
                 rssDownloaderFeedSelectionTable.clear();
@@ -724,10 +724,10 @@ Supports the formats: S01E01, 1x1, 2017.12.31 and 31.12.2017 (Date formats also
                 if (rulesList[ruleName].lastMatch !== '') {
                     let timeDiffInMs = new Date().getTime() - new Date(rulesList[ruleName].lastMatch).getTime();
                     let daysAgo = Math.floor(timeDiffInMs / (1000 * 60 * 60 * 24)).toString();
-                    $('lastMatchText').innerHTML = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo);
+                    $('lastMatchText').textContent = ' QBT_TR(Last Match: %1 days ago)QBT_TR[CONTEXT=AutomatedRssDownloader]'.replace('%1', daysAgo);
                 }
                 else {
-                    $('lastMatchText').innerHTML = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
+                    $('lastMatchText').textContent = 'QBT_TR(Last Match: Unknown)QBT_TR[CONTEXT=AutomatedRssDownloader]';
                 }
 
                 if (rulesList[ruleName].addPaused === null)

src/webui/www/public/scripts/login.js

@@ -48,11 +48,11 @@ function submitLoginForm() {
             if ((xhr.status === 200) && (xhr.responseText === "Ok."))
                 location.reload(true);
             else
-                errorMsgElement.innerHTML = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]';
+                errorMsgElement.textContent = 'QBT_TR(Invalid Username or Password.)QBT_TR[CONTEXT=HttpServer]';
         }
     });
     xhr.addEventListener('error', function() {
-        errorMsgElement.innerHTML = (xhr.responseText !== "")
+        errorMsgElement.textContent = (xhr.responseText !== "")
             ? xhr.responseText
             : 'QBT_TR(Unable to log in, qBittorrent is probably unreachable.)QBT_TR[CONTEXT=HttpServer]';
     });