Potential fix for code scanning alert no. 3: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-01-16 07:32:12 +01:00 · 2025-05-18 23:37:40 +02:00
parent 9d8322064b
commit e48b0c90f3
1 changed files with 10 additions and 1 deletions
--- a/dashboard_project/templates/base.html
+++ b/dashboard_project/templates/base.html
@ -299,6 +299,15 @@
            });

            function createToast(messageText, messageTags) {
+              function escapeHtml(unsafe) {
+                return unsafe
+                  .replace(/&/g, "&amp;")
+                  .replace(/</g, "&lt;")
+                  .replace(/>/g, "&gt;")
+                  .replace(/"/g, "&quot;")
+                  .replace(/'/g, "&#039;");
+              }
+
              let toastClass = "";
              let autohide = true;
              let delay = 5000;
@ -329,7 +338,7 @@
                            <button type="button" class="btn-close ${toastClass.includes("text-white") ? "btn-close-white" : ""}" data-bs-dismiss="toast" aria-label="Close"></button>
                        </div>
                        <div class="toast-body">
-                            ${messageText}
+                            ${escapeHtml(messageText)}
                        </div>
                    </div>`;