mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-06-18 05:25:04 +00:00
1bb3b68a87
Potential fix for [https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/11](https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/11) To fix the issue, we should avoid using `innerHTML` to insert untrusted data into the DOM. Instead, we can use DOM manipulation methods like `createElement` and `appendChild` to construct the required HTML structure safely. These methods do not interpret strings as HTML, thereby mitigating the risk of XSS. Specifically: 1. Replace the `innerHTML` assignment on line 302 with code that creates the required DOM elements programmatically. 2. Ensure that the `selectedOperation` value is inserted as plain text using `textContent` or equivalent methods. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>