Address some CodeQL security concerns (#35572)

Although there is no real security problem
2025-10-14 04:36:05 +00:00 · 2025-10-04 01:21:26 +08:00
parent c4532101a4
commit 71360a94cb
35 changed files with 118 additions and 78 deletions
--- a/web_src/js/modules/fomantic/base.ts
+++ b/web_src/js/modules/fomantic/base.ts
@@ -14,4 +14,7 @@ export function linkLabelAndInput(label: Element, input: Element) {
  }
 }

-export const fomanticQuery = $;
+export function fomanticQuery(s: string | Element | NodeListOf<Element>): ReturnType<typeof $> {
+  // intentionally make it only work for query selector, it isn't used for creating HTML elements (for safety)
+  return typeof s === 'string' ? $(document).find(s) : $(s);
+}