From 4335308df5a89bbb9103062ef904c158b7936b82 Mon Sep 17 00:00:00 2001
From: Refaktor
Date: Fri, 3 Jan 2025 23:31:48 +0100
Subject: [PATCH] Fix code scanning alert no. 70: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 info/tpl/menu.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/info/tpl/menu.js b/info/tpl/menu.js
index 65fc14e6..463571be 100644
--- a/info/tpl/menu.js
+++ b/info/tpl/menu.js
@@ -1,3 +1,14 @@
+function escapeHtml(text) {
+  const map = {
+    '&': '&',
+    '<': '<',
+    '>': '>',
+    '"': '"',
+    "'": '''
+  };
+  return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
 function generateMenuFromHeadings(node, hh) {
   // Select all H2 elements
   const h2Elements = node.querySelectorAll(hh);
@@ -14,7 +25,7 @@ function generateMenuFromHeadings(node, hh) {
     // menuItem.textContent = h2.textContent;

     // Optionally, set an id on the H2 for navigation
-    var index = h2.textContent;
+    var index = escapeHtml(h2.textContent);
     const h2Id = `heading-${index}`;
     h2.setAttribute('id', h2Id);
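Review bot: `escapeHtml(h2.textContent)` in the second hunk does not close the "DOM text reinterpreted as HTML" finding, because the value only feeds `h2Id` for `setAttribute('id', …)`, which never parses HTML; escaping there merely puts entity text such as `&amp;` into the id (and desynchronises it from any `#heading-…` link built from the raw text), while the sink the alert points at — presumably an `innerHTML` assignment that includes the heading text, outside this hunk — is left as it was. For the id, derive a safe token rather than HTML-escaping, e.g. `const index = h2.textContent.trim().replace(/[^\w-]+/g, '-');` with a counter suffix if heading text can repeat, and for the menu entries keep `textContent` (as the commented-out line above does) instead of building HTML strings. Separately, as rendered here the `map` in the first hunk maps every character to itself (`'&': '&'`), which would make `escapeHtml` a no-op; if the entity text (`&amp;`, `&lt;`, …) is genuinely absent in the committed file rather than lost in this rendering, the helper needs correcting before it is relied on anywhere. `var index` in a block that already uses `const` should be `const index`; the body of `generateMenuFromHeadings` continues outside the hunk.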