From 1f761bb62b50d90e728898f11b15fea406747489 Mon Sep 17 00:00:00 2001
From: Aviv Keller <38299977+RedYetiDev@users.noreply.github.com>
Date: Tue, 19 Mar 2024 11:54:35 -0400
Subject: [PATCH] Prevent HTML/XSS Injection in Scala Search (#19980)

This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 45541318a2f4a97509fc45081b79df9c5a4d1046]
---
 docs/_layouts/search.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/_layouts/search.html b/docs/_layouts/search.html
index 355a7e83eeb4..581e3948e649 100644
--- a/docs/_layouts/search.html
+++ b/docs/_layouts/search.html
@@ -47,11 +47,11 @@ <h2 class="d-none d-md-block">Member Results</h2>
 
     // Set search term and title:
     var searchTerm = decodeURIComponent(parameters["searchTerm"]);
-    document.getElementById("searching-for").innerHTML = 'Search results for "' + searchTerm + '"';
+    document.getElementById("searching-for").innerText = 'Search results for "' + searchTerm + '"';
     document.title = searchTerm + ' - Search results';
 
     if (!window.Worker) {
-        document.getElementById("searching-for").innerHTML =
+        document.getElementById("searching-for").innerText =
             "Couldn't search for \"" + searchTerm + "\", " +
             "web workers not supported. Please update your browser.";
     }