Missing Type Guards in 2FA QR Code Initialization

[geeknik]

assets/js/ezxss4.js:251-253 + 371-379: initializePageSpecificFeatures checks for #qrcode before calling initializeQRCode, but inside that function it assumes #secret exists and reads .value without a type/null check.

Risk is limited to runtime errors if the DOM is clobbered or the element is missing; since the ID is constant and on a controlled page, impact is low but still worth hardening.

Please consider applying similar defensive checks to other document.getElementById() calls that assume element types, especially where .value, .innerHTML, or other properties are accessed immediately. 👍🏻