From b97596bb54545785c2b99ec9db393462801a699e Mon Sep 17 00:00:00 2001 From: PhoenixProject <103653068+EthanThePhoenix38@users.noreply.github.com> Date: Sat, 14 Feb 2026 13:50:37 +0100 Subject: [PATCH] Potential fix for code scanning alert no. 22: Client-side cross-site scripting Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
docs.html | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/docs.html b/docs.html
index 25639930e..a725a7268 100644
--- a/docs.html
+++ b/docs.html
@@ -307,6 +307,17 @@

On this page

return text.toLowerCase().replace(/[^\w]+/g, '-').replace(/^-|-$/g, ''); }
+ // Basic HTML escaping to prevent XSS when inserting untrusted values
+ function escapeHtml(str) {
+ return String(str)
+ .replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''')
+ .replace(/\//g, '/');
+ }
+ // Simple markdown to HTML parser with anchor generation function parseMarkdown(md) { let html = md;
@@ -389,10 +400,11 @@
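Review bot: As rendered on this page every replacement in `escapeHtml` maps a character to itself (`.replace(/&/g, '&')`, `.replace(/"/g, '"')`) and the `<`/`>` pair has collapsed into `.replace(//g, '>')`, which JavaScript would read as the start of a line comment; this looks like entity decoding and tag stripping by the page renderer rather than the committed text, but it should be confirmed against the raw commit that the replacement strings are `'&amp;'`, `'&lt;'`, `'&gt;'`, `'&quot;'` and `'&#39;'`, with `&` handled first as it is here. Escaping `/` is harmless but not needed for element content. The helper is only adequate for text placed in element content or a double-quoted attribute value; if `safeFilename` is also placed in a URL or `href` (the @@ -417 hunk appears to touch a "View on GitHub" link), HTML escaping is the wrong encoding and the value should instead be validated against the expected filename pattern. A contract comment would make that explicit: `// Escapes text for element content / quoted attribute values only; not for URLs, CSS or script contexts`.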

On this page

// Fetch and display documentation async function loadDoc(filename) {
+ const safeFilename = escapeHtml(filename); docsContent.innerHTML = `
-

Loading $(unknown)...

+

Loading ${safeFilename}...

`;
@@ -417,9 +429,9 @@
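Review bot: `safeFilename` is still interpolated into an `innerHTML` template at the top of `loadDoc`, so the fix is only as good as `escapeHtml` and only holds while the value stays in element content; building the wrapper markup without interpolation and setting the message on a created element, e.g. `p.textContent = \`Loading ${filename}...\`;`, would remove the dependency on the escaper for this sink. Where `filename` originates is outside the hunk; if it is read from the URL and also drives the fetch that follows, validating it against the expected document-name pattern before any DOM update or request is the stronger control and would also cover the link edited in the @@ -417 hunk. Reusing the same `safeFilename` in that later error branch is consistent, presumably because it is declared before the `try` whose `catch` that hunk edits. loadDoc's body continues past this hunk.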

On this page

console.error('Error loading doc:', error); docsContent.innerHTML = `

Error Loading Documentation

-

Failed to load $(unknown). Please try again later.

+

Failed to load ${safeFilename}. Please try again later.

- + View on GitHub