Fix CSS injection for sites with strict CSP

This fix addresses an issue occurring on some pages where the response header includes
`content-security-policy: require-trusted-types-for 'script'`.

Author: vvto33

browser-client.cpp

@@ -661,8 +661,9 @@ void BrowserClient::OnLoadEnd(CefRefPtr<CefBrowser>, CefRefPtr<CefFrame> frame,
 
 		std::string script;
 		script += "const obsCSS = document.createElement('style');";
-		script += "obsCSS.innerHTML = decodeURIComponent(\"" +
-			  uriEncodedCSS + "\");";
+		script += "obsCSS.appendChild(document.createTextNode("
+			  "decodeURIComponent(\"" +
+			  uriEncodedCSS + "\")));";
 		script += "document.querySelector('head').appendChild(obsCSS);";
 
 		frame->ExecuteJavaScript(script, "", 0);