Fix code scanning alert no. 70: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

info/tpl/menu.js

@@ -1,3 +1,14 @@
+function escapeHtml(text) {
+    const map = {
+        '&': '&',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#039;'
+    };
+    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
 function generateMenuFromHeadings(node, hh) {
     // Select all H2 elements
     const h2Elements = node.querySelectorAll(hh);
@@ -14,7 +25,7 @@ function generateMenuFromHeadings(node, hh) {
         // menuItem.textContent = h2.textContent;
 
         // Optionally, set an id on the H2 for navigation
-	var index = h2.textContent;
+	var index = escapeHtml(h2.textContent);
 
         const h2Id = `heading-${index}`;
         h2.setAttribute('id', h2Id);