Replace `innerHTML` with `textContent`

Change-Id: Id14b5e4341ccd2c3068b8ac4eaf983ee784c5bf8

src/main/resources/static/find-owners.js

diff --git a/src/main/resources/static/find-owners.js b/src/main/resources/static/find-owners.js
index c6f2826..440ffbb 100644
--- a/src/main/resources/static/find-owners.js
+++ b/src/main/resources/static/find-owners.js
@@ -230,7 +230,7 @@
     }
     function strElement(s) {
       var e = document.createElement('span');
-      e.innerHTML = s;
+      e.textContent = s;
       return e;
     }
     function br() {
@@ -338,7 +338,7 @@
           div.style.display = 'none';
           return;
         }
-        div.innerHTML = '';
+        div.textContent = '';
         div.style.display = 'inline';
         div.appendChild(strElement(title));
         function addOwner(itemDiv, ownerEmail) {
@@ -393,7 +393,7 @@
         div.lastElementChild.style.paddingBottom = '0.5em';
       }
       function addOwnersDiv(div, title) {
-        div.innerHTML = '';
+        div.textContent = '';
         div.style.display = 'inline';
         div.appendChild(strElement(title));
         function compareOwnerInfo(o1, o2) {
@@ -425,7 +425,7 @@
 
         // Add message to header div and make visible.
         let headerMessageDiv = document.createElement('div');
-        headerMessageDiv.innerHTML = isExemptedFromOwnerApproval() ? HTML_IS_EXEMPTED :
+        headerMessageDiv.textContent = isExemptedFromOwnerApproval() ? HTML_IS_EXEMPTED :
             ((onSubmit ? HTML_ONSUBMIT_HEADER : '') + HTML_SELECT_REVIEWERS);
         header.appendChild(headerMessageDiv);
         header.style.display = 'inline';