From 41bc0bf57cb9b1296f23c566b21e563b4d9fd86b Mon Sep 17 00:00:00 2001
From: Daniele Debernardi <drebrez@gmail.com>
Date: Sun, 7 Jun 2026 17:33:18 +0200
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 8: DOM text
 reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 SQLSchemaCompare.UI/wwwroot/js/Main.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SQLSchemaCompare.UI/wwwroot/js/Main.ts b/SQLSchemaCompare.UI/wwwroot/js/Main.ts
index 83eb83a..7d5b6dd 100644
--- a/SQLSchemaCompare.UI/wwwroot/js/Main.ts
+++ b/SQLSchemaCompare.UI/wwwroot/js/Main.ts
@@ -84,7 +84,11 @@ class Main {
     if (Utility.IsNullOrWhitespace(targetItem)) {
       targetItem = Localization.Get("LabelDoesNotExist");
     }
-    $(".tcx-diff-item-name").html(`${sourceItem} <span class='fa fa-long-arrow-alt-right'></span> ${targetItem}`);
+    const diffItemName = $(".tcx-diff-item-name");
+    diffItemName.empty();
+    diffItemName.append(document.createTextNode(`${sourceItem} `));
+    diffItemName.append($("<span>").addClass("fa fa-long-arrow-alt-right"));
+    diffItemName.append(document.createTextNode(` ${targetItem}`));
 
     void Utility.AjaxCall<CompareResultItemScripts>(this.resultItemScriptsUrl + rowId, HttpMethod.Get).then((response): void => {
       EditorManager.CreateEditor(EditorType.Diff, "sqlDiff", {

From 251ab0ca62e487cd61c90af59a37a3e3fc619d37 Mon Sep 17 00:00:00 2001
From: Daniele Debernardi <drebrez@gmail.com>
Date: Sun, 7 Jun 2026 17:41:22 +0200
Subject: [PATCH 2/2] remove spaces in favor of margins

---
 SQLSchemaCompare.UI/wwwroot/js/Main.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SQLSchemaCompare.UI/wwwroot/js/Main.ts b/SQLSchemaCompare.UI/wwwroot/js/Main.ts
index 7d5b6dd..c5a3b56 100644
--- a/SQLSchemaCompare.UI/wwwroot/js/Main.ts
+++ b/SQLSchemaCompare.UI/wwwroot/js/Main.ts
@@ -86,9 +86,9 @@ class Main {
     }
     const diffItemName = $(".tcx-diff-item-name");
     diffItemName.empty();
-    diffItemName.append(document.createTextNode(`${sourceItem} `));
-    diffItemName.append($("<span>").addClass("fa fa-long-arrow-alt-right"));
-    diffItemName.append(document.createTextNode(` ${targetItem}`));
+    diffItemName.append(document.createTextNode(sourceItem));
+    diffItemName.append($("<span>").addClass("fa fa-long-arrow-alt-right mx-1"));
+    diffItemName.append(document.createTextNode(targetItem));
 
     void Utility.AjaxCall<CompareResultItemScripts>(this.resultItemScriptsUrl + rowId, HttpMethod.Get).then((response): void => {
       EditorManager.CreateEditor(EditorType.Diff, "sqlDiff", {