From 2918ae22102b5fbfc1c3062c28a399601c56434a Mon Sep 17 00:00:00 2001 From: Kabir Menghrajani Date: Mon, 16 Dec 2024 13:11:05 -0500 Subject: [PATCH] Fix code scanning alert no. 43: Client-side cross-site scripting Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- assets/js/search.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/assets/js/search.js b/assets/js/search.js index 6ac30ffc1..fd9db1a57 100644 --- a/assets/js/search.js +++ b/assets/js/search.js @@ -105,7 +105,7 @@ document.addEventListener("DOMContentLoaded", function () { } pagerLinks += 'Page ' + - page + + encodeHTML(page) + " of " + Math.ceil(totalResults / resultsPerPage) + ""; @@ -124,4 +124,12 @@ document.addEventListener("DOMContentLoaded", function () { } return currentURL.toString(); } + + function encodeHTML(str) { + return str.replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + } });
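Review bot: Escaping at the sink in `encodeHTML(page) +` stops markup injection, but a non-numeric `page` can still reach the rest of the pager logic. Where `page` is read is outside this hunk, so this is inferred; if it comes from the URL query string, it would be more robust to validate it once at that point, for example `const page = Math.max(1, Number.parseInt(rawPage, 10) || 1);` (`rawPage` is a placeholder for whatever the existing read returns). That keeps the "Page X of Y" text meaningful and means the value is safe for every later use, not only this concatenation. If `pagerLinks` is later assigned through `innerHTML`, any other URL-derived value concatenated into it outside this hunk deserves the same check. The enclosing function starts and ends outside the hunk.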
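Review bot: `encodeHTML` calls `str.replace` directly, so it throws a TypeError if it is handed a number, `null` or `undefined`, which is plausible for `page` if it is parsed to an integer elsewhere (not visible here). Starting the chain with `return String(str).replace(/&/g, ...)` makes the helper safe for any caller. The function also lacks a comment stating its contract; I would add `// Escapes for HTML text and quoted attribute values only (not URLs, inline script or unquoted attributes); '&' must be replaced first to avoid double-encoding.` As rendered on this page the replacement strings appear as the raw characters and the `<` replacement is not visible, which is probably a display artifact. It is still worth confirming in the file that all five characters map to their entity forms (`&amp;`, `&lt;`, `&gt;`, `&quot;` and a numeric entity for the apostrophe).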