To fix the problem, we need to ensure that any user-provided data is properly sanitized or encoded before being inserted into the HTML. In this case, we can use the he library, which is already imported, to encode the currentLanguage parameter before using it in the HTML.
We will use he.encode to encode currentLanguage before it is used in the newCards HTML string.
This change will be made in the loadMorePokemon function where currentLanguage is used.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/kieferhax/pokedex-web-application/security/code-scanning/4
To fix the problem, we need to ensure that any user-provided data is properly sanitized or encoded before being inserted into the HTML. In this case, we can use the
helibrary, which is already imported, to encode thecurrentLanguageparameter before using it in the HTML.he.encodeto encodecurrentLanguagebefore it is used in thenewCardsHTML string.loadMorePokemonfunction wherecurrentLanguageis used.Suggested fixes powered by Copilot Autofix. Review carefully before merging.