Merge pull request #4 from Nec0ti/dev

Nec0ti · web-flow · commit 01b41f880c29 · 2025-01-18T10:34:00.000+03:00
Potential fix for code scanning alert no. 1: DOM text reinterpreted as HTML
diff --git a/script.js b/script.js
@@ -72,8 +72,17 @@ invoiceNameInput.addEventListener('input', () => {
     analyzeButton.disabled = selectedFiles.length === 0 || !invoiceNameInput.value.trim();
 });
 
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}
+
 function updateFileList() {
-    fileList.innerHTML = selectedFiles.map(file => `<p>${file.name}</p>`).join('');
+    fileList.innerHTML = selectedFiles.map(file => `<p>${escapeHtml(file.name)}</p>`).join('');
 }
 
 analyzeButton.addEventListener('click', analyzeInvoices);
