Fix/issue 2343 dom x ss search #2349

Merged
janavipandole merged 6 commits into janavipandole:main from Prateek2007-cmd:fix/issue-2343-dom-xSS-search on Jun 20, 2026
Conversation

@Prateek2007-cmd (Contributor)

Description

Resolves Issue #2343 (Severe DOM-based XSS in Search History).

A static analysis of the frontend codebase uncovered a critical DOM-based Cross-Site Scripting (XSS) vulnerability in shop.html. The "Recent Searches" UI component was extracting unsanitized user input from localStorage and evaluating it directly via .innerHTML, while simultaneously injecting it into an inline onclick handler. This allowed arbitrary JavaScript execution if a malicious payload entered the search history.

This PR remediates the vulnerability by shifting from string-based DOM injection to secure DOM Node API manipulation.

Changes Made

  • XSS Prevention: Eliminated the .innerHTML map-and-join pattern. Replaced it with document.createElement and .textContent assignment to guarantee strict HTML entity escaping.
  • Event Listener Modernization: Stripped the vulnerable onclick='...' string injection and implemented secure event binding via .addEventListener("click", ...).

Type of Change

  • Critical Security Fix
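The two rendering patterns the description contrasts, as an added example that is not the project's shop.html code: the vulnerable map-and-join into `.innerHTML` with an inline `onclick`, beside the DOM Node API version. The function names, the `runSearch` callback, the sample terms and the minimal fake DOM (used so the block runs outside a browser) are all constructed for this example.

```javascript
// Vulnerable pattern from the PR description: stored terms are concatenated
// into markup and handed to innerHTML, with the term also embedded in an
// inline onclick attribute. Any markup in a term is parsed as HTML.
function renderRecentSearchesUnsafe(terms) {
  return terms
    .map((t) => `<li onclick='runSearch("${t}")'>${t}</li>`)
    .join("");
}

// Hardened pattern: nodes are created with the DOM API, textContent is never
// parsed as markup, and the click handler closes over the term instead of
// being serialized into an attribute string.
function renderRecentSearchesSafe(terms, list, runSearch, doc) {
  list.textContent = ""; // clear previous items without touching innerHTML
  for (const term of terms) {
    const li = doc.createElement("li");
    li.textContent = term; // rendered as literal text
    li.addEventListener("click", () => runSearch(term));
    list.appendChild(li);
  }
  return list;
}

// Minimal fake DOM (constructed for this example) so the block runs under Node.
// Its outerHTML escapes text nodes the way a browser serializer does.
class FakeElement {
  constructor(tag) { this.tag = tag; this.children = []; this.text = ""; this.listeners = {}; }
  set textContent(v) { this.children = []; this.text = String(v); }
  get textContent() { return this.text + this.children.map((c) => c.textContent).join(""); }
  appendChild(child) { this.children.push(child); return child; }
  addEventListener(type, fn) { (this.listeners[type] ||= []).push(fn); }
  click() { (this.listeners.click || []).forEach((fn) => fn()); }
  get outerHTML() {
    const esc = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
    const inner = esc(this.text) + this.children.map((c) => c.outerHTML).join("");
    return `<${this.tag}>${inner}</${this.tag}>`;
  }
}
const fakeDocument = { createElement: (tag) => new FakeElement(tag) };

// Constructed sample history: the second term contains markup, the kind of
// value that would reach the page from localStorage unfiltered.
const SAMPLE_TERMS = ["shoes", "<b>bold</b>"];
```

With the unsafe renderer the second term's tags land in the markup string as-is; with the safe renderer they appear escaped in the serialized list and the click handler still receives the exact original term.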

@vercel bot commented Jun 18, 2026


@Prateek2007-cmd is attempting to deploy a commit to the janavipandole's projects Team on Vercel.

A member of the Team first needs to authorize it.

@janavipandole janavipandole merged commit da22fa8 into janavipandole:main Jun 20, 2026
12 of 17 checks passed