https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37742 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- If the translations can use template literals, then you could switch back to a template literal. However, a better idea is to build the HTML using DOM objects. Something like... let para = document.createElement('p'); let strong = document.createElement('strong'); strong.textContent = __("Error:"); let err_msg = document.createTextNode(errorMessage); para.appendChild(strong); para.appendChild(err_msg); document.getElementById('barcode-container').appendChild(para); -- I get that it's a lot longer to write, but it's a billion times safer than using innerHTML. Look at "Cross Site Scripting Prevention Cheat Sheet" by OWASP. Specifically "Safe Sinks". -- You are receiving this mail because: You are watching all bug changes.