From fb14c99c01ead61b21acbaeca22c73cc9f63995e Mon Sep 17 00:00:00 2001
From: Joel Jolly <128782382+withinJoel@users.noreply.github.com>
Date: Mon, 23 Dec 2024 17:19:46 +0530
Subject: [PATCH] Fix code scanning alert no. 2: DOM text reinterpreted as HTML
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 Modules/Detect File Type.js | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/Modules/Detect File Type.js b/Modules/Detect File Type.js
index 05ed234..3c30d24 100644
--- a/Modules/Detect File Type.js
+++ b/Modules/Detect File Type.js
@@ -10,6 +10,13 @@ function checkFileExistence(url, callback) {
 img.src = url;
 }
+// Function to sanitize data by encoding special characters
+function sanitizeData(data) {
+ return data.replace(/[&<>"'`=\/]/g, function (s) {
+ return "&#" + s.charCodeAt(0) + ";";
+ });
+}
+
 // Detect image type function
 function detectImageType(data) {
 const existingElement = document.querySelector('[data-role="dynamic-image"]');
@@ -17,7 +24,8 @@ function detectImageType(data) {
 existingElement.remove();
 }
- const imageurl = imagedir + data;
+ const sanitizedData = sanitizeData(data);
+ const imageurl = imagedir + sanitizedData;
 checkFileExistence(imageurl, function (exists) {
 if (exists) {
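Review bot: `sanitizeData` HTML-entity-encodes the value, but the only consumer visible in these hunks is the URL built in the second hunk (`imagedir + sanitizedData`, handed to `checkFileExistence`, which assigns it to `img.src`), so a legitimate file name containing `/`, `=` or `&` becomes a literal `&#47;`-style sequence in the request path and the existence probe fails, while a value that never reaches markup gains nothing from entity encoding. If the code-scanning finding concerns the appended `img` element or an `echo()` string being written as HTML, the encoding belongs at that insertion point (or the value should be set via `textContent`/`setAttribute`), and the URL segment should instead be built with `const imageurl = imagedir + encodeURIComponent(data);` (or `encodeURI` if sub-paths are intended). The lines that create the appended `img` and set its `src` fall between the second and third hunks, so I cannot confirm which sink the alert refers to. Minor: `\/` inside the character class needs no escape, and `sanitizeData` throws a TypeError when `data` is not a string, which the previous code did not.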
@@ -31,15 +39,15 @@ function detectImageType(data) {
 img.setAttribute('data-role', 'dynamic-image');
 document.body.appendChild(img);
- if (data.includes('.png')) {
+ if (sanitizedData.includes('.png')) {
 echo("The file is in PNG format.");
- } else if (data.includes('.jpg')) {
+ } else if (sanitizedData.includes('.jpg')) {
 echo("The file is in JPG format.");
- } else if (data.includes('.jpeg')) {
+ } else if (sanitizedData.includes('.jpeg')) {
 echo("The file is in JPEG format.");
- } else if (data.includes('.webp')) {
+ } else if (sanitizedData.includes('.webp')) {
 echo("The file is in WEBP format.");
- } else if (data.includes('.gif')) {
+ } else if (sanitizedData.includes('.gif')) {
 echo("The file is in GIF format.");
 } else {
 echo("The file format is unknown.");
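Review bot: Switching the format checks to `sanitizedData` is behavior-neutral only because `.` is not in the encoder's character class; it silently couples file-type detection to the sanitizer's list, and the checks still use `includes`, so a name such as `x.png.txt` is reported as PNG. Run the checks on the original value with a suffix test instead, `if (data.toLowerCase().endsWith('.png')) {` and likewise for the `.jpg`, `.jpeg`, `.webp` and `.gif` branches. The enclosing `checkFileExistence` callback begins before this hunk and its closing lines are outside it.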