InfoSec flagged issue

[vinhtvu2]

var t=window.location.hash;t&&-1!==t.indexOf("#filter-")&&("filter-all"===(t=t.replace("#",""))?$resourceLinkCards.show():$resourceLinkCards.show().not("."+t).hide(),isResourceFilterLeft&&scrollToElement($UcfResourceDirectoryItems),setSelected($("."+t)))

Data is read from window.location.hash and passed to $() via the following statements:

var t=window.location.hash; $("." + t)

https://cwe.mitre.org/data/definitions/79.html

[jmbarne3]

We need to make sure we sanitize the hash when we get it from the window.

[jmbarne3]

We should probably check to make sure we're sanitizing the value coming from the input as well.