diff --git a/html.js b/html.js
index d685bd5..168572a 100644
--- a/html.js
+++ b/html.js
@@ -110,35 +110,40 @@ export default class Html extends PureComponent {
           {styleElement}
         </head>
         <body>
-          <div id="root" dangerouslySetInnerHTML={{ __html: contentMarkup }} />
-          <script
+          <div id="root">
+            {contentMarkup}
+          </div>          <script
             defer
             src="https://cdn.polyfill.io/v2/polyfill.min.js?features=Intl.~locale.zh-Hant-TW"
           />
           <script
-            dangerouslySetInnerHTML={{
-              __html: `window.__REDUX_STATE__=${serialize(store.getState())};`,
-            }}
+            id="redux-state"
+            type="application/json"
             charSet="UTF-8"
-          />
-          {_.map(scripts, (script, key) => (
+          >
+            {JSON.stringify(store.getState())}
+          </script>          {_.map(scripts, (script, key) => (
             <script src={script} key={'scripts' + key} charSet="UTF-8" />
           ))}
           {scriptElement}
-          <script
-            dangerouslySetInnerHTML={{
-              __html: `(function(d) {
-                var config = {
-                  kitId: 'vlk1qbe',
-                  scriptTimeout: 3000,
-                  async: true
-                },
-                h=d.documentElement,t=setTimeout(function(){h.className=h.className.replace(/\bwf-loading\b/g,"")+" wf-inactive";},config.scriptTimeout),tk=d.createElement("script"),f=false,s=d.getElementsByTagName("script")[0],a;h.className+=" wf-loading";tk.src='https://use.typekit.net/'+config.kitId+'.js';tk.async=true;tk.onload=tk.onreadystatechange=function(){a=this.readyState;if(f||a&&a!="complete"&&a!="loaded")return;f=true;clearTimeout(t);try{Typekit.load(config)}catch(e){}};s.parentNode.insertBefore(tk,s)
-              })(document);
-            `,
-            }}
-          />
-        </body>
+          <script src="https://use.typekit.net/vlk1qbe.js"></script>
+          <script>
+            (function(d) {
+              var config = {
+                kitId: 'vlk1qbe',
+                scriptTimeout: 3000,
+                async: true
+              },
+              h=d.documentElement,
+              t=setTimeout(function(){h.className=h.className.replace(/\bwf-loading\b/g,"")+" wf-inactive";},config.scriptTimeout),
+              f=false,s=d.getElementsByTagName("script")[0],a;
+              h.className+=" wf-loading";
+              var tk=d.querySelector('script[src="https://use.typekit.net/'+config.kitId+'.js"]');
+              tk.async=true;
+              tk.onload=tk.onreadystatechange=function(){a=this.readyState;if(f||a&&a!="complete"&&a!="loaded")return;f=true;clearTimeout(t);try{Typekit.load(config)}catch(e){}};
+              s.parentNode.insertBefore(tk,s)
+            })(document);
+          </script>        </body>
       </html>
     )
   }
diff --git a/main.py b/main.py
index 468f8c0..c59b6e0 100644
--- a/main.py
+++ b/main.py
@@ -18,9 +18,9 @@ def func_calls():
     prep = req.prepare()
     session.rebuild_proxies(prep, proxies)
 
-    # Introduce a command injection vulnerability
+    # Fix the command injection vulnerability
     user_input = input("Enter a command to execute: ")
-    command = "ping " + user_input
-    subprocess.call(command, shell=True)
+    command = ['ping', user_input]
+    subprocess.call(command, shell=False)
 
     print("Command executed!")
\ No newline at end of file