django-cookie-consent
Javascript changes
Fixes #43 Switches
Note: We might be able to keep innerHTML and eval(). We are not dealing with forms where users can input whatever they want into innerHTML and eval(). We are letting the Django developers decide. However, both eval() and innerHTML are not good practices as they can cause XSS security issues.
We might not need all of these changes. I am not a JavaScript expert, so feedback would be appreciated. I am not 100% sure that even the alternative methods are secure.
There is also JavaScript in #49 that we may be able to use instead as an alternative to what this PR does (or Django devs can use it within their own projects without worrying about this PR's changes).
https://phoenix35.js.org/good-practices.html
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts
Alternatives to wrapper div innerHTML:

```javascript
// Alternative 1: build the element through a Range and a contextual fragment.
// opts.content holds the cookie-bar markup supplied by the Django developer,
// not by end users.
const s = opts.content;
let e = document.createElement('div');
const r = document.createRange();
r.selectNodeContents(e);
// Caveat: unlike innerHTML, <script> elements created by
// createContextualFragment DO run once the fragment is inserted into the
// document, so opts.content must be trusted markup.
const f = r.createContextualFragment(s);
e.appendChild(f);
e = e.firstElementChild;
const content = e;
```

```javascript
// Alternative 2: parse into a separate document with DOMParser.
// DOMParser parses into a detached document with scripting disabled, so
// <script> elements in opts.content are never executed, even after the node
// is moved into the page.
const wrapper = new DOMParser().parseFromString(opts.content, 'text/html');
// firstElementChild (rather than firstChild) skips any leading whitespace
// text node, so this returns the same element the other alternatives do.
const content = wrapper.body.firstElementChild;
```

```javascript
// Alternative 3: the Range approach of alternative 1 as a single expression.
// appendChild() returns the appended node, so `content` is the first element
// of the parsed fragment, attached to a detached <div>.
const content = document.createElement('div').appendChild(
  document.createRange().createContextualFragment(opts.content).firstElementChild
);
```
Alternatives to eval():

```javascript
// Alternative 1: the Function constructor. `script` is the script source as a
// string; it becomes the function body and runs in the global scope (it cannot
// see the caller's local variables, unlike a direct eval()).
const fxn = new Function(script);
fxn();
```

```javascript
// Alternative 2: re-create the <script> element so the browser executes it.
// `script` is the <script> element found in the parsed content. Script nodes
// that came from innerHTML never run, so its text is copied into a fresh
// element; appending that element to the document executes it in global scope.
// textContent is used instead of firstChild.nodeValue so an empty <script>
// does not throw.
const newScript = document.createElement("script");
newScript.append(script.textContent);
document.body.append(newScript);
```
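An added example, not part of this PR or of django-cookie-consent, showing the practical difference between eval() and the Function constructor discussed above: direct eval() runs the string inside the caller's scope, while new Function() compiles it in the global scope. Both still execute whatever string they are handed, so the string must be trusted either way. The names PROBE, withEval, withFunction and bothExecute are made up for this illustration.

```javascript
// Added illustration (not from the PR). PROBE is a constructed probe string
// that tries to read a variable named `secret` from wherever it is evaluated.
const PROBE = "typeof secret === 'string' ? secret : 'unreachable'";

// Direct eval() compiles the string inside the caller's scope, so the local
// variable is readable from the evaluated code.
function withEval() {
  const secret = 'local-value';
  return eval(PROBE); // 'local-value'
}

// new Function() compiles its body in the global scope only; the caller's
// locals are not visible, so the same probe cannot reach `secret`.
function withFunction() {
  const secret = 'local-value'; // present, but invisible to the Function body
  const fn = new Function('return (' + PROBE + ');');
  return fn(); // 'unreachable'
}

// Both APIs still run arbitrary code from the string: the same expression is
// evaluated by each, so swapping eval() for Function() changes the scope the
// code sees, not whether untrusted input gets executed.
function bothExecute(expr) {
  return [eval(expr), new Function('return (' + expr + ');')()];
}
```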