mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-05-14 02:05:55 +00:00
fd1e854778
Potential fix for [https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/224](https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/224) To fix the issue, we should avoid assigning untrusted data directly to `innerHTML`. Instead, we can use `textContent`, which safely sets the text content of an element without interpreting it as HTML. This ensures that any special characters in the `data-title` attribute are treated as plain text, preventing XSS attacks. The fix involves replacing `tabButton.innerHTML = title;` on line 12 with `tabButton.textContent = title;`. This change ensures that the `title` is safely rendered as text. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>