Fixed XSS vulnerability in loading screen. (#1814) Using the method `.text` rather than `.html`, since the method `.html` does not escape html entity characters.