Thank you for keeping the plugin/web safe! a big lesson learned on XSS attack. i’ll close this.
I was using event listener initially and it doesn’t work due to the HTML div keep changing when there is changes on other field, validation etc.
I’m targeting specific form ID + field class. the same script targeting button outside form was fine. but not the button created using HTML field. that’s why i thought of using onclick as last resort.
onclick might not be the best but i guess adding CSP header will make it safe? I’m not sure as I’m new in web development.
