# Potential persistent XSS?

dawn oak
In the Settings -> Account page where it displays a message in the form of "Hello, <discord username>", I think there might be a potential persistent XSS vulnerability there. The hello-message is set with .innerHTML and it looks like the Discord username is not sanitized before being used in the string template for the .innerHTML.

Tried to test it in action by setting my Synergism server username to something like <span onfocus='console.log(1)'/>, but I'm not sure of the mechanics as to when that gets updated in the game (possibly on re-log?). I think it would work, but I don't have time to figure out how to get the Discord username to update in the game.

Image: https://imgur.com/rG2enGo

*Also pls make a more convenient persistent xss so I can patch some stuff from within my mod (/s)* 🥺 👉 👈
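
The pattern reported above next to its hardened forms, as an added example that is not part of the original thread and not the game's own code. The function names (`escapeHtml`, `greetingUnsafe`, `greetingSafe`, `setGreeting`, `hasTag`) are hypothetical; the sample username is the one quoted in the report.

```javascript
// Added example. All names here are hypothetical, not taken from the game's source.

// Escape the five characters that can change the HTML parsing context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern described in the report: the username is interpolated straight
// into a string that is later assigned to .innerHTML.
function greetingUnsafe(username) {
  return `Hello, ${username}`;
}

// Hardened string form, for code paths that must keep producing HTML.
function greetingSafe(username) {
  return `Hello, ${escapeHtml(username)}`;
}

// Preferred fix in the browser: assign text, never markup.
// `el` is any DOM element; .textContent is not parsed as HTML.
function setGreeting(el, username) {
  el.textContent = `Hello, ${username}`;
  return el;
}

// Crude comparison helper: does the string contain something an HTML
// parser would treat as an element tag?
function hasTag(html) {
  return /<[a-zA-Z][^>]*>/.test(html);
}

// Sample input: the username quoted in the report.
const sample = "<span onfocus='console.log(1)'/>";

console.log('unsafe output contains a tag:', hasTag(greetingUnsafe(sample)));
console.log('escaped output contains a tag:', hasTag(greetingSafe(sample)));
console.log('escaped output:', greetingSafe(sample));
```

Because the username is stored server-side and shown again on every visit, the escaping or `.textContent` assignment has to happen at render time regardless of what validation the account system applies.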