hotspot: security and maintainability fixes

[helms-charity]

• functions should not be nested more than 4 levels deep
• use DOMpurify on innerHTML, etc to prevent XSS