From f869d90b0b951a1c42512945cef9732353dc78cf Mon Sep 17 00:00:00 2001
From: Altafur Rahman
Date: Sat, 28 Oct 2023 22:14:32 +0600
Subject: [PATCH] Fix code scanning alert issue-#1352 (#1505)
* Fix code scanning alert issue-#1352
* Fix code scanning alert issue-#1352
---------
Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
---
 website/static/vendor/bootstrap/js/bootstrap.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/website/static/vendor/bootstrap/js/bootstrap.js b/website/static/vendor/bootstrap/js/bootstrap.js
index 9301eaa78..c46ec9682 100644
--- a/website/static/vendor/bootstrap/js/bootstrap.js
+++ b/website/static/vendor/bootstrap/js/bootstrap.js
@@ -15,7 +15,10 @@ if (typeof jQuery === 'undefined') {
 throw new Error('Bootstrap\'s JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4')
 }
 }(jQuery);
-
+function sanitizeSelector(selector) {
+ // Use a whitelist approach to only allow valid characters in a selector
+ return selector.replace(/[^\w-#.:]/g, '');
+}
 /* ========================================================================
 * Bootstrap: transition.js v3.3.7
 * http://getbootstrap.com/javascript/#transitions
@@ -112,8 +115,8 @@ if (typeof jQuery === 'undefined') {
 selector = $this.attr('href')
 selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
 }
-
- var $parent = $(selector === '#' ? [] : selector)
+ selector = sanitizeSelector(selector === '#' ? '' : selector);
+ var $parent = $(selector);
 if (e) e.preventDefault()
@@ -139,7 +142,6 @@ if (typeof jQuery === 'undefined') {
 removeElement()
 }
-
 // ALERT PLUGIN DEFINITION
 // =======================
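Review bot: `sanitizeSelector` silently rewrites a selector it does not like instead of rejecting it, so a value outside the whitelist is not neutralised but turned into a different selector — `#a b` becomes `#ab`, `.x > .y` becomes `.x.y`, `[data-id=1]` becomes `data-id1` — and the dismiss handler that calls it (later in this patch) may then match an element the author never named. It also calls `.replace` on its argument unconditionally, with no check that a string was passed. A stricter helper that accepts only the id/class-style targets this call site needs and returns `''` for anything else, e.g. `return typeof selector === 'string' && /^[#.][\w-]+$/.test(selector) ? selector : '';`, both removes the rewrite problem and is null-safe; if other selector shapes are needed here, the whitelist should at least keep the hyphen last (`[^\w#.:-]`) since `\w-#` inside a class only parses as three literals under Annex B and is a SyntaxError with the `u` flag. Separately, the function is a bare global declared outside the IIFE in a vendored bootstrap.js, so it lands on `window` and will be dropped by the next vendor update; a project-owned script that wraps the alert plugin, or a documented patch file, would be easier to keep.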
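Review bot: The new `selector = sanitizeSelector(selector === '#' ? '' : selector);` line throws a TypeError when `selector` is `undefined`, which the line just above it shows is possible — `selector && selector.replace(...)` leaves it `undefined` whenever the trigger has neither `data-target` nor `href`, i.e. the ordinary `<button class="close" data-dismiss="alert">` markup — whereas the removed `$(selector)` simply produced an empty jQuery set (and, presumably, fell through to the `closest('.alert')` lookup that follows outside this hunk). The ternary should treat a missing value like `'#'`: `selector = sanitizeSelector(selector && selector !== '#' ? selector : '');`. The enclosing `Alert.prototype.close` starts and ends outside the hunk, so the `data-target` branch and the `$parent.length` fallback are not visible here.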