scripts.js XSS and high sonarQube fixes

[helms-charity]

also, use DOMpurify:
User controlled data in methods like 'innerHTML', 'outerHTML' or 'document.write' is an anti-pattern that can lead to XSS vulnerabilities.