@soatok@furry.engineer I'm 99% sure there's at least one XSS vuln in here, since the client seems to use innerHTML all over the place