Merge pull request #21 from withinJoel/alert-autofix-2

Fix code scanning alert no. 2: DOM text reinterpreted as HTML

Modules/Detect File Type.js

@@ -10,14 +10,22 @@ function checkFileExistence(url, callback) {
     img.src = url;
 }
 
+// Function to sanitize data by encoding special characters
+function sanitizeData(data) {
+    return data.replace(/[&<>"'`=\/]/g, function (s) {
+        return "&#" + s.charCodeAt(0) + ";";
+    });
+}
+
 // Detect image type function
 function detectImageType(data) {
     const existingElement = document.querySelector('[data-role="dynamic-image"]');
     if (existingElement) {
         existingElement.remove();
     }
 
-    const imageurl = imagedir + data;
+    const sanitizedData = sanitizeData(data);
+    const imageurl = imagedir + sanitizedData;
 
     checkFileExistence(imageurl, function (exists) {
         if (exists) {
@@ -31,15 +39,15 @@ function detectImageType(data) {
             img.setAttribute('data-role', 'dynamic-image');
             document.body.appendChild(img);
 
-            if (data.includes('.png')) {
+            if (sanitizedData.includes('.png')) {
                 echo("The file is in PNG format.");
-            } else if (data.includes('.jpg')) {
+            } else if (sanitizedData.includes('.jpg')) {
                 echo("The file is in JPG format.");
-            } else if (data.includes('.jpeg')) {
+            } else if (sanitizedData.includes('.jpeg')) {
                 echo("The file is in JPEG format.");
-            } else if (data.includes('.webp')) {
+            } else if (sanitizedData.includes('.webp')) {
                 echo("The file is in WEBP format.");
-            } else if (data.includes('.gif')) {
+            } else if (sanitizedData.includes('.gif')) {
                 echo("The file is in GIF format.");
             } else {
                 echo("The file format is unknown.");