From dbce9dbfe97c41ad3e880353c3c27ca6e585edae Mon Sep 17 00:00:00 2001
From: Ben West
Date: Sat, 1 Oct 2022 14:24:57 -0700
Subject: [PATCH] codeql text/html injection in food.js
---
 lib/food/food.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/food/food.js b/lib/food/food.js
index 5a1f618dcc2..d4601cb73c6 100644
--- a/lib/food/food.js
+++ b/lib/food/food.js
@@ -248,7 +248,7 @@ client.init(function loaded () {
 .append($('').addClass('width50px').css('text-align','center').text(foodlist[i].unit))
 .append($('').addClass('width100px').css('text-align','center').append(foodlist[i].carbs))
 .append($('').addClass('width100px').css('text-align','center').append(foodlist[i].gi))
- .append($('').addClass('width150px').append(foodlist[i].category))
+ .append($('').addClass('width150px').text(foodlist[i].category))
 .append($('').addClass('width150px').text(foodlist[i].subcategory))
 .append($('').addClass('width100px').append(foodlist[i].fat))
 .append($('').addClass('width100px').append(foodlist[i].protein))
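Review bot: The `carbs`, `gi`, `fat` and `protein` cells in this same row chain still hand the record value to jQuery `.append()`, which parses a string argument as markup, so the sink closed here for `category` stays open in those four cells whenever one of the fields arrives as a string. Nothing visible in the hunk shows these values being coerced to numbers before rendering, so I would treat them like `category` and write `.text(foodlist[i].carbs)` in place of `.append(foodlist[i].carbs)`, and likewise for `gi`, `fat` and `protein`. The chain starts and ends outside the hunk, so any further cells built from `foodlist[i]` need the same check. If the numeric columns are meant to stay numeric, validating the type where the record is saved would also keep stored markup out of every other view of the data.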