Fix code scanning alert no. 43: Client-side cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
GSA · Dec 16, 2024 · 2918ae2 · 2918ae2
1 parent 404ed5f
commit 2918ae2
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/assets/js/search.js b/assets/js/search.js
@@ -105,7 +105,7 @@ document.addEventListener("DOMContentLoaded", function () {
         }
         pagerLinks +=
             '<span class="margin-2">Page ' +
-            page +
+            encodeHTML(page) +
             " of " +
             Math.ceil(totalResults / resultsPerPage) +
             "</span>";
@@ -124,4 +124,12 @@ document.addEventListener("DOMContentLoaded", function () {
         }
         return currentURL.toString();
     }
+
+    function encodeHTML(str) {
+        return str.replace(/&/g, "&amp;")
+                  .replace(/</g, "&lt;")
+                  .replace(/>/g, "&gt;")
+                  .replace(/"/g, "&quot;")
+                  .replace(/'/g, "&#39;");
+    }
 });