Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

2 månader sedan · 4eac54aa18
--- a/sortable.js
+++ b/sortable.js
@@ -17,6 +17,17 @@ var europeandate = true;
 
				 var alternate_row_colors = true;
			
 
				 
			
 
				 /* Don't change anything below this unless you know what you're doing */
			
 
				+
			
 
				+// Escape HTML special characters in a string for safe insertion into innerHTML
			
 
				+function escapeHtml(str) {
			
 
				+	return String(str)
			
 
				+		.replace(/&/g, '&amp;')
			
 
				+		.replace(/</g, '&lt;')
			
 
				+		.replace(/>/g, '&gt;')
			
 
				+		.replace(/"/g, '&quot;')
			
 
				+		.replace(/'/g, '&#39;');
			
 
				+}
			
 
				+
			
 
				 addEvent(window, "load", sortables_init);
			
 
				 
			
 
				 var SORT_COLUMN_INDEX;
			
@@ -50,7 +61,7 @@ function ts_makeSortable(t) {
 
				 		var cell = firstRow.cells[i];
			
 
				 		var txt = ts_getInnerText(cell);
			
 
				 		if (cell.className != "unsortable" && cell.className.indexOf("unsortable") == -1) {
			
 
				-			cell.innerHTML = '<a href="#" class="sortheader" onclick="ts_resortTable(this, '+i+');return false;">'+txt+'<span class="sortarrow">&nbsp;&nbsp;<img src="'+ image_path + image_none + '" alt="&darr;"/></span></a>';
			
 
				+			cell.innerHTML = '<a href="#" class="sortheader" onclick="ts_resortTable(this, '+i+');return false;">'+escapeHtml(txt)+'<span class="sortarrow">&nbsp;&nbsp;<img src="'+ image_path + image_none + '" alt="&darr;"/></span></a>';
			
 
				 		}
			
 
				 	}
			
 
				 	if (alternate_row_colors) {