From 95d8cba4f29fa4e1c16e89109d8dd4302747408b Mon Sep 17 00:00:00 2001 From: Konstantin Dinev Date: Fri, 15 Nov 2024 10:49:30 +0200 Subject: [PATCH] Fix code scanning alert no. 5: Incomplete string escaping or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- src/js/modules/infragistics.templating.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/js/modules/infragistics.templating.js b/src/js/modules/infragistics.templating.js index 984354492..54e875b78 100644 --- a/src/js/modules/infragistics.templating.js +++ b/src/js/modules/infragistics.templating.js @@ -186,8 +186,9 @@ splitName = tempToken[ 1 ].split("."); // K.D. September 25th, 2012 Bug #122463 The property can contain $ in its name. - template = template.replace(new RegExp("\\$\\{" + tempToken[ 1 ].replace(/\$/g, "\\$") + "\\}", "g"), ""); - tempToken[ 3 ] = new RegExp("\\$\\{" + tempToken[ 1 ].replace(/\$/g, "\\$") + "\\}", "g"); + tempToken[ 1 ] = tempToken[ 1 ].replace(/\\/g, "\\\\").replace(/\$/g, "\\$"); + template = template.replace(new RegExp("\\$\\{" + tempToken[ 1 ] + "\\}", "g"), ""); + tempToken[ 3 ] = new RegExp("\\$\\{" + tempToken[ 1 ] + "\\}", "g"); tempToken[ 1 ] = splitName; tempToken[ 2 ] = true; this.tokens.push(tempToken); @@ -200,8 +201,9 @@ splitName = tempToken[ 1 ].split("."); // K.D. September 25th, 2012 Bug #122463 The property can contain $ in its name. - template = template.replace(new RegExp("\\{\\{html\\s+" + tempToken[ 1 ].replace(/\$/g, "\\$") + "\\}\\}", "g"), ""); - tempToken[ 3 ] = new RegExp("\\{\\{html\\s+" + tempToken[ 1 ].replace(/\$/g, "\\$") + "\\}\\}", "g"); + tempToken[ 1 ] = tempToken[ 1 ].replace(/\\/g, "\\\\").replace(/\$/g, "\\$"); + template = template.replace(new RegExp("\\{\\{html\\s+" + tempToken[ 1 ] + "\\}\\}", "g"), ""); + tempToken[ 3 ] = new RegExp("\\{\\{html\\s+" + tempToken[ 1 ] + "\\}\\}", "g"); tempToken[ 1 ] = splitName; tempToken[ 2 ] = false; this.tokens.push(tempToken);