From c90f8a05bf792e61db250f210834cdabcc0b7906 Mon Sep 17 00:00:00 2001
From: MHSanaei <ho3ein.sanaei@gmail.com>
Date: Mon, 4 May 2026 16:36:33 +0200
Subject: fix(security): sanitize remote IP headers and escape log viewer
 output

#4135
---
 web/html/login.html | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'web/html/login.html')

diff --git a/web/html/login.html b/web/html/login.html
index 78bffd30..2e03a4c5 100644
--- a/web/html/login.html
+++ b/web/html/login.html
@@ -150,7 +150,11 @@
       },
       initHeadline() {
         const animationDelay = 2000;
-        const headlines = this.$el.querySelectorAll('.headline');
+        const rootEl = this.$el instanceof Element ? this.$el : document.getElementById('app');
+        if (!rootEl || typeof rootEl.querySelectorAll !== 'function') {
+          return;
+        }
+        const headlines = rootEl.querySelectorAll('.headline');
         headlines.forEach((headline) => {
           const first = headline.querySelector('.is-visible');
           if (!first) return;
-- 
cgit v1.2.3