Skip to content

Commit 1a78dc2

Browse files
fix(website): use getElementById for hash-based scroll target
Replace querySelector(decodedHash) with getElementById to prevent CSS selector injection via crafted URL fragments. Refs #24
1 parent c73bf9d commit 1a78dc2

1 file changed

Lines changed: 5 additions & 2 deletions

File tree

website/result.html

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@
3939
.replaceAll("/", "");
4040
const anchor = document.createElement("a");
4141
anchor.id = anchorId;
42-
anchor.href = "#" + anchorId;
42+
anchor.href = `#${anchorId}`;
4343
anchor.classList.add("heading-anchor");
4444
anchor.textContent = "#";
4545
heading.appendChild(anchor);
@@ -48,7 +48,10 @@
4848
const hash = window.location.hash;
4949
if (hash) {
5050
const decodedHash = decodeURIComponent(hash);
51-
const target = document.querySelector(decodedHash);
51+
const targetId = decodedHash.startsWith("#")
52+
? decodedHash.slice(1)
53+
: decodedHash;
54+
const target = document.getElementById(targetId);
5255
if (target) {
5356
target.scrollIntoView();
5457
}

0 commit comments

Comments
 (0)