diff --git a/api/comments.js b/api/comments.js index 01a72be..cfb5d32 100644 --- a/api/comments.js +++ b/api/comments.js @@ -34,8 +34,10 @@ module.exports = async (app, req, res) => { var x = c[0] //comment info var y = c[1] //account info + if (!x[2]) return; + let comment = {} - comment.content = Buffer.from(x[2], 'base64').toString(); + comment.content = app.clean(Buffer.from(x[2], 'base64').toString()); comment.likes = x[4] comment.date = (x[9] || "?") + " ago" if (req.query.type == "commentHistory") comment.levelID = x[1] diff --git a/api/download.js b/api/download.js index edfb175..701adad 100644 --- a/api/download.js +++ b/api/download.js @@ -29,7 +29,7 @@ module.exports = async (app, req, res, api, ID, analyze) => { let level = { name: levelInfo[2], id: levelInfo[1], - description: Buffer.from(levelInfo[3], 'base64').toString() || "(No description provided)", + description: app.clean(Buffer.from(levelInfo[3], 'base64').toString() || "(No description provided)"), author: "-", authorID: levelInfo[6], accountID: 0, @@ -101,7 +101,7 @@ module.exports = async (app, req, res, api, ID, analyze) => { if (songRes != '-1') { let songData = app.parseResponse(songRes, '~|~') - level.songName = songData[2] || "Unknown" + level.songName = app.clean(songData[2] || "Unknown") level.songAuthor = songData[4] || "Unknown" level.songSize = (songData[5] || "0") + "MB" level.songID = songData[1] || level.customSong diff --git a/api/level.js b/api/level.js index 0624910..af1b6d1 100644 --- a/api/level.js +++ b/api/level.js @@ -39,7 +39,7 @@ module.exports = async (app, req, res, api, analyze) => { let level = { name: levelInfo[2], id: levelInfo[1], - description: Buffer.from(levelInfo[3], 'base64').toString() || "(No description provided)", + description: app.clean(Buffer.from(levelInfo[3], 'base64').toString() || "(No description provided)"), author: author[1] || "-", authorID: levelInfo[6], accountID: author[2] || 0, 
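Review bot: The new guard `if (!x[2]) return;` drops any comment whose content field is empty, and what that `return` leaves behind depends on the enclosing callback, which starts outside this hunk: in a `forEach` the entry is skipped, in a `map` it would leave an `undefined` element in the response. Either way a page can come back with fewer than ten entries, and html/profile.html in this same commit pages on `res.length != 10`, so one empty comment would presumably hide the `#pageUp` control early. Consider keeping the entry with empty content instead of returning, e.g. `comment.content = app.clean(Buffer.from(x[2] || "", 'base64').toString());`.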
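Review bot: Escaping is applied field by field here, and neighbouring fields taken from the same upstream response are left raw: `name: levelInfo[2]` in this hunk, `level.songAuthor` in the next hunk of this file, the same `name` field in api/level.js, and `x.name` / `x.songAuthor` in api/search.js. If those values reach the HTML pages the way description and songName do, they need the same treatment, e.g. `name: app.clean(levelInfo[2])` and `level.songAuthor = app.clean(songData[4] || "Unknown")`; any character restriction enforced by the upstream server is not a control this code owns. Because a per-field approach is easy to leave incomplete, encoding once at the point where values are inserted into the page would be more robust than encoding in each API handler, and it would keep the JSON API free of HTML entities for non-HTML consumers. The object literal continues outside the hunk.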
@@ -64,7 +64,7 @@ module.exports = async (app, req, res, api, analyze) => { starsRequested: levelInfo[39], //ldm: levelInfo[40] == 1, //not given in search objects: levelInfo[45] == "65535" ? "65000+" : levelInfo[45], - large: levelInfo[45] > 40000, + large: levelInfo[45] > 40000 } level.cp = (level.stars > 0) + level.featured + level.epic diff --git a/api/search.js b/api/search.js index 0d5245e..5e8799a 100644 --- a/api/search.js +++ b/api/search.js @@ -89,7 +89,7 @@ module.exports = async (app, req, res) => { let keys = Object.keys(x) x.name = x[2]; x.id = x[1]; - x.description = Buffer.from(x[3], 'base64').toString() || "(No description provided)", + x.description = app.clean(Buffer.from(x[3], 'base64').toString() || "(No description provided)"), x.author = authorList[x[6]] ? authorList[x[6]][0] : "-"; x.authorID = x[6]; x.accountID = authorList[x[6]] ? authorList[x[6]][1] : "0"; @@ -124,7 +124,7 @@ module.exports = async (app, req, res) => { let songSearch = songs.find(y => y['~1'] == x[35]) if (songSearch) { - x.songName = songSearch[2] || "Unknown" + x.songName = app.clean(songSearch[2] || "Unknown") x.songAuthor = songSearch[4] || "Unknown" x.songSize = (songSearch[5] || "0") + "MB" x.songID = songSearch[1] || x.customSong diff --git a/assets/css/browser.css b/assets/css/browser.css index d95d708..ed75dc6 100644 --- a/assets/css/browser.css +++ b/assets/css/browser.css @@ -547,7 +547,6 @@ input::-webkit-inner-spin-button { padding-top: 1.5vh; padding-left: 1.5vh; overflow: hidden; - user-select: none; } .compact { diff --git a/html/level.html b/html/level.html index 4ad9d12..6dee2cf 100644 --- a/html/level.html +++ b/html/level.html @@ -174,8 +174,8 @@ else { `
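Review bot: In the first api/search.js hunk the rewritten `x.description` line still ends in `,` rather than `;`, so it is joined to the following `x.author` assignment by the comma operator. It behaves as intended only because both sides are plain assignments; end the statement explicitly: `x.description = app.clean(Buffer.from(x[3], 'base64').toString() || "(No description provided)");`. Unlike the guarded call in api/comments.js, this one has no protection against a missing `x[3]`, and `Buffer.from(undefined, 'base64')` throws, so `x[3] || ""` would be a cheap safeguard if the field can be absent. The enclosing callback starts and ends outside the hunk.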
Download additional info` )} -if ([[COPIEDID]] == 0) $('#copiedBadge').hide() if (![[LARGE]]) $('#largeBadge').hide() +if ([[COPIEDID]] == 0) $('#copiedBadge').hide() if ([[ORBS]] == 0) $('.orbs').hide() if ([[STARS]] == 0) $('.stars').hide() if ([[DIAMONDS]] == 0 || !'[[DEMONLIST]]'.startsWith("[")) $('.diamonds').hide() diff --git a/html/profile.html b/html/profile.html index 384c050..d8b1fba 100644 --- a/html/profile.html +++ b/html/profile.html @@ -150,6 +150,9 @@ else $('#pageDown').show() fetch(`../api/comments/[[ACCOUNTID]]?type=profile&page=${page}`).then(res => res.json()).then(res => { + + console.log(res) + if (res.length != 10) $('#pageUp').hide() else $('#pageUp').show() diff --git a/index.js b/index.js index eb5db0c..c81c4d4 100644 --- a/index.js +++ b/index.js @@ -38,7 +38,7 @@ app.parseResponse = function (responseBody, splitter) { return res } //xss bad -app.clean = function(text) {if (typeof text != "string") return text; else return text.replace(/&/g, "&").replace(//g, ">").replace(/=/g, "=").replace(/"/g, """).replace(/'/g, "'")} +app.clean = function(text) {if (!text || typeof text != "string") return text || ""; else return text.replace(/&/g, "&").replace(//g, ">").replace(/=/g, "=").replace(/"/g, """).replace(/'/g, "'")} console.log("Site online!") @@ -137,7 +137,7 @@ app.get("/iconkit", function(req, res) { }) app.get("/icon", function(req, res) { - res.sendFile(__dirname + "/html/iconkit.html") + res.redirect('/iconkit') }) app.get('/api/icons', function(req, res) {
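Review bot: The added `console.log(res)` in html/profile.html looks like leftover debugging; it writes the full comments response to the browser console on every page load and should be removed before merge. As far as this hunk shows, the `fetch(...).then(res => res.json()).then(...)` chain has no `.catch`, so a failed request or a non-JSON body would be dropped silently; the chain continues outside the hunk, so confirm whether a handler is attached further down.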
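Review bot: `app.clean` still returns any truthy non-string unchanged (`return text || ""`), so an array or object that reaches it passes through unescaped and is only stringified later, when it is written into the page. The new falsy branch also turns `0` and `false` into `""`, which changes the value for any caller that passes numbers. Consider normalising first, `if (text == null) return "";` followed by `text = String(text)` before the replace chain, provided no caller depends on getting a non-string back. The replacements appear to be HTML-entity escapes, which fit HTML text and attribute positions; values the templates substitute inside inline scripts (html/level.html in this commit does so with `[[LARGE]]` and `[[COPIEDID]]`) would need script-context encoding instead if any of them can carry user-controlled text.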