Issue raised in https://git.radicallyopensecurity.com/nlnet/ngie-dokieli/-/issues/9 which has been remediated by DOM sanitization. It is still a good practice to create elements / set attributes.

This would be a large refactor. Go through these files:

• access.js
• actions.js
• activity.js
• auth.js
• config.js
• csv.js
• dialog.js
• doc.js
• dokieli.js
• editor
  • editor.js
  • initEditor.js
  • schema
    • base.js
  • slashmenu
    • handlers.js
    • slashmenu.js
  • toolbar
    • author
      • author.js
      • handlers.js
      • keymap.js
    • social
      • handlers.js
      • social.js
    • toolbar.js
  • utils
    • annotation.js
    • dom.js
• events.js
• fetcher.js
• geo.js
• graph.js
• i18n.js
• init.js
• storage.js
• sync.js
• ui
  • buttons.js
  • icons.js
• uri.js
• util.js
• utils
  • html.js
  • normalization.js
  • sanitization.js
• viz.js