don't use innerHTML for sso handOffMessage (#1285)

src/connectors/sso.ts

@@ -25,8 +25,11 @@ function initiateBrowserSso(code: string, state: string) {
     window.postMessage({ command: 'authResult', code: code, state: state }, '*');
     const handOffMessage = ('; ' + document.cookie).split('; ssoHandOffMessage=').pop().split(';').shift();
     document.cookie = 'ssoHandOffMessage=;SameSite=strict;max-age=0';
-    document.getElementById('content').innerHTML =
+    let content = document.getElementById('content');
-        `<p>${handOffMessage}</p>`;
+    content.innerHTML = '';
+    let p = document.createElement('p');
+    p.innerText = handOffMessage;
+    content.appendChild(p);
 }
 
 function extractFromRegex(s: string, regexString: string) {