Hi again

Unfortunately the solution I came up with above is vulnerable to cross-site scripting attack (XSS). The solution takes the parameter passed in from the URL and shows it to the user. An attacker can insert a script and send the link to a user, for instance. Please do not do this.

You can mitigate the XSS attack with CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src), but it can be tricky to get right.

Back to square one.

Vince
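The reflected-parameter pattern Vince describes, as an added example that is not part of the original thread: the unsafe rendering next to an escaped version, plus a CSP header that restricts where scripts may load from. The function names, the `msg` parameter name and the sample URL are assumptions.

```javascript
// Added example (not from the original thread). "msg" stands in for whatever
// query parameter the original solution read from the URL.

// Minimal HTML entity escaping for text placed into an HTML body.
// '&' must be replaced first so later replacements are not double-escaped.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe: the parameter is concatenated straight into markup, so any tags in
// it become part of the page. This is the bug the post warns about.
function renderUnsafe(msg) {
  return `<p>${msg}</p>`;
}

// Hardened: the parameter is escaped, so it is displayed as text only.
function renderSafe(msg) {
  return `<p>${escapeHtml(msg)}</p>`;
}

// Defence in depth: a Content-Security-Policy that only permits scripts from
// the site's own origin. Inline script blocks and javascript: URLs are not
// allowed under this policy, which limits the damage if escaping is missed
// somewhere. Returned as a [header name, header value] pair.
function cspHeader() {
  return ['Content-Security-Policy', "default-src 'self'; script-src 'self'"];
}

// Read the parameter the way a page would (URL API; works in browsers and
// Node). Missing parameter yields an empty string.
function paramFromUrl(urlString, name) {
  return new URL(urlString).searchParams.get(name) ?? '';
}

// Constructed sample input: a link whose parameter carries HTML markup.
const sample = 'https://example.invalid/page?msg=%3Cb%3Ehello%3C%2Fb%3E';

const msg = paramFromUrl(sample, 'msg');
console.log('unsafe:', renderUnsafe(msg)); // tags survive into the page
console.log('safe:  ', renderSafe(msg));   // tags shown as literal text
console.log('header:', cspHeader().join(': '));
```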
