
Potential fix for code scanning alert no. 8: DOM text reinterpreted as HTML#129

Merged
drebrez merged 2 commits into
masterfrom
alert-autofix-8
Jun 7, 2026

Conversation

@drebrez

@drebrez drebrez commented Jun 7, 2026

Member

Potential fix for https://github.com/TiCodeX/SQLSchemaCompare/security/code-scanning/8

Use safe DOM construction that inserts untrusted values as text nodes, not HTML.
Best fix here: replace the .html(...) call with:

  1. empty() the target container,
  2. append sourceItem as text,
  3. append the icon span as a created element with classes,
  4. append targetItem as text.

This preserves existing UI behavior (text + arrow icon + text) while preventing HTML parsing of sourceItem/targetItem.

Edit only SQLSchemaCompare.UI/wwwroot/js/Main.ts in the ShowBottomPanel method around line 87. No new imports or dependencies are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…s HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
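The four-step replacement described in the PR body, as an added example that is not the project's code: `renderComparison` builds the panel from text nodes plus a code-created `span`, instead of concatenating a string and handing it to `.html(...)`. The icon class names (`ICON_CLASSES`) are an assumed placeholder for whatever SQLSchemaCompare actually uses, and the stub document exists only so the snippet runs under Node; in the browser you pass the real `document`.

```javascript
// Added example (not SQLSchemaCompare's code): the safe DOM construction the
// PR description prescribes, using standard DOM APIs only.
// `ICON_CLASSES` is an assumed placeholder for the project's real icon classes.
const ICON_CLASSES = ['icon', 'icon-arrow-right'];

// Steps 1-4 from the PR body. `doc` is the browser `document` in production and
// the stub defined below when run under Node.
function renderComparison(doc, container, sourceItem, targetItem, iconClasses) {
  // 1. empty() the target container
  while (container.firstChild) container.removeChild(container.firstChild);
  // 2. sourceItem as a text node: the string never reaches the HTML parser
  container.appendChild(doc.createTextNode(sourceItem));
  // 3. the arrow icon as an element created by code, classes set via the API
  const icon = doc.createElement('span');
  icon.classList.add(...iconClasses);
  container.appendChild(icon);
  // 4. targetItem as a text node
  container.appendChild(doc.createTextNode(targetItem));
  return container;
}

// For contrast: the string the replaced `.html(...)` call parsed as markup, so
// any '<' or '&' inside an item name became elements/entities, not visible text.
function legacyMarkup(sourceItem, targetItem) {
  return `${sourceItem}<span class="${ICON_CLASSES.join(' ')}"></span>${targetItem}`;
}

// --- Minimal constructed stand-in for the DOM so the example runs offline ---
class StubClassList {
  constructor() { this.items = []; }
  add(...names) { for (const n of names) if (!this.items.includes(n)) this.items.push(n); }
  toString() { return this.items.join(' '); }
}

class StubNode {
  constructor(tagName, data) {
    this.tagName = tagName;        // null for text nodes
    this.data = data;              // text content for text nodes
    this.childNodes = [];
    this.classList = new StubClassList();
  }
  get firstChild() { return this.childNodes.length ? this.childNodes[0] : null; }
  appendChild(node) { this.childNodes.push(node); return node; }
  removeChild(node) { this.childNodes = this.childNodes.filter((n) => n !== node); return node; }
}

const stubDocument = {
  createElement: (tag) => new StubNode(tag.toLowerCase(), null),
  createTextNode: (text) => new StubNode(null, String(text)),
};

// Serialize the way a browser's innerHTML getter does: text nodes come back with
// '&', '<' and '>' escaped, so markup-looking input stays inert text.
function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function serialize(node) {
  if (node.tagName === null) return escapeText(node.data);
  const cls = node.classList.items.length ? ` class="${node.classList}"` : '';
  const inner = node.childNodes.map(serialize).join('');
  return `<${node.tagName}${cls}>${inner}</${node.tagName}>`;
}

// Constructed sample item names containing markup-like characters.
const SOURCE_ITEM = 'dbo.<b>Orders</b>';
const TARGET_ITEM = 'dbo.Orders_v2 & Co';

// Render into a fresh container and return what the browser would serialize.
function renderDemo(sourceItem = SOURCE_ITEM, targetItem = TARGET_ITEM) {
  const container = stubDocument.createElement('div');
  renderComparison(stubDocument, container, sourceItem, targetItem, ICON_CLASSES);
  return serialize(container);
}

// Re-rendering must replace, not accumulate: child count after two renders.
function childCountAfterTwoRenders() {
  const container = stubDocument.createElement('div');
  renderComparison(stubDocument, container, 'a', 'b', ICON_CLASSES);
  renderComparison(stubDocument, container, 'c', 'd', ICON_CLASSES);
  return container.childNodes.length;
}

console.log('legacy markup :', legacyMarkup(SOURCE_ITEM, TARGET_ITEM));
console.log('safe rendering:', renderDemo());
```

With jQuery, as used in `Main.ts`, the same four steps read `$container.empty().append(document.createTextNode(sourceItem)).append($('<span>').addClass('...')).append(document.createTextNode(targetItem))`; `.append()` accepts DOM nodes directly, and `.addClass()` keeps the class names out of any markup string. The stub serializer is only there to make the escaping visible under Node; the security property comes from never calling the HTML parser on the item names at all.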
@drebrez drebrez marked this pull request as ready for review June 7, 2026 15:38
@github-actions

github-actions Bot commented Jun 7, 2026


Unit Test Results

110 tests  ±0   110 ✅ ±0   0s ⏱️ ±0s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 251ab0c. ± Comparison against base commit 5b5f89d.

@github-actions

github-actions Bot commented Jun 7, 2026


MySQL Test Results

62 tests  ±0   62 ✅ ±0   1m 3s ⏱️ -6s
 1 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit 251ab0c. ± Comparison against base commit 5b5f89d.

@github-actions

github-actions Bot commented Jun 7, 2026


MariaDB Test Results

186 tests  ±0   186 ✅ ±0   2m 23s ⏱️ +4s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 251ab0c. ± Comparison against base commit 5b5f89d.

@github-actions

github-actions Bot commented Jun 7, 2026


PostgreSQL Test Results

180 tests  ±0   180 ✅ ±0   5m 49s ⏱️ -25s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 251ab0c. ± Comparison against base commit 5b5f89d.

@github-actions

github-actions Bot commented Jun 7, 2026


MicrosoftSQL Test Results

212 tests  ±0   212 ✅ ±0   9m 54s ⏱️ -27s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 251ab0c. ± Comparison against base commit 5b5f89d.

♻️ This comment has been updated with latest results.

@drebrez drebrez merged commit d8ef932 into master Jun 7, 2026
19 of 20 checks passed
@drebrez drebrez deleted the alert-autofix-8 branch June 7, 2026 16:22