fix XSS injection possible in comment

js/customElements/commentsDisplay.js

@@ -10,15 +10,28 @@ class commentsDisplay extends HTMLElement {
                 if (xhr.status === 200) {
                     let comments = JSON.parse(xhr.responseText);
                     comments.forEach((element) => {
-                        this.innerHTML += `
-                        <h3 class="commentTitle">${element["name"]}</h3>
-                        <div class="comment">
-                            <img src="${element["gravatarURL"]}">
-                            <article class="commentArticle">
-                                <p class="commentText">${element["comment"]}</p>
-                            </article>
-                        </div>
-                    `;
+                        const h3 = document.createElement("h3");
+                        h3.classList.add("commentTitle");
+                        h3.innerText = element["name"];
+                        this.appendChild(h3);
+
+                        const commentDiv = document.createElement("div");
+                        commentDiv.classList.add("comment");
+                        this.appendChild(commentDiv);
+
+                        const image = document.createElement("img");
+                        image.src = element["gravatarURL"];
+                        commentDiv.appendChild(image);
+
+                        const article = document.createElement("article");
+                        article.classList.add("commentArticle");
+                        commentDiv.appendChild(article);
+
+                        const commentText = document.createElement("p");
+                        commentText.classList.add("commentText");
+                        commentText.innerText = element["comment"];
+                        article.appendChild(commentText);
+
                     });
                 } else {
                     let p = document.createElement("p");