From d0d29c82e00efadc335caf3fff9326173226d189 Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Thu, 2 Oct 2025 10:42:17 -0700
Subject: [PATCH 1/4] Potential fix for code scanning alert no. 77: Incomplete
 string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 timeline/webapp/timeline/sparkline/ui.tabs.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/timeline/webapp/timeline/sparkline/ui.tabs.js b/timeline/webapp/timeline/sparkline/ui.tabs.js
index 38f0a2c2b3c..3f17586de9c 100644
--- a/timeline/webapp/timeline/sparkline/ui.tabs.js
+++ b/timeline/webapp/timeline/sparkline/ui.tabs.js
@@ -62,7 +62,8 @@ $.widget("ui.tabs", {
 	},
 
 	_sanitizeSelector: function(hash) {
-		return hash.replace(/:/g, '\\:'); // we need this because an id may contain a ":"
+		// First escape backslashes, then escape colons
+		return hash.replace(/\\/g, '\\\\').replace(/:/g, '\\:'); // we need this because an id may contain a ":"
 	},
 
 	_cookie: function() {

From 7e60e43f10f5e6e016e81daa3911511f1e53d750 Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Thu, 2 Oct 2025 10:42:59 -0700
Subject: [PATCH 2/4] Potential fix for code scanning alert no. 152: Bad HTML
 filtering regexp

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 timeline/webapp/timeline/sparkline/jquery.sparkline.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/timeline/webapp/timeline/sparkline/jquery.sparkline.js b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
index b4dd24c91a8..d4eabec02c2 100644
--- a/timeline/webapp/timeline/sparkline/jquery.sparkline.js
+++ b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
@@ -300,7 +300,7 @@
                     if (vals===undefined || vals===null) {
                         vals = $(this).html();
                     }
-                    values = vals.replace(/(^\s*<!--)|(-->\s*$)|\s+/g, '').split(',');
+                    values = vals.replace(/(^\s*<!--)|(--(?:-!|>)\s*$)|\s+/g, '').split(',');
                 } else {
                     values = uservalues;
                 }

From 6c4768fa3a55c1f29096b2159f2cae7138a34e7e Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Sat, 4 Oct 2025 11:50:45 -0700
Subject: [PATCH 3/4] Potential fix for code scanning alert no. 384: Bad HTML
 filtering regexp

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 timeline/webapp/timeline/sparkline/jquery.sparkline.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/timeline/webapp/timeline/sparkline/jquery.sparkline.js b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
index d4eabec02c2..5ff74101e6f 100644
--- a/timeline/webapp/timeline/sparkline/jquery.sparkline.js
+++ b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
@@ -300,7 +300,9 @@
                     if (vals===undefined || vals===null) {
                         vals = $(this).html();
                     }
-                    values = vals.replace(/(^\s*<!--)|(--(?:-!|>)\s*$)|\s+/g, '').split(',');
+                    // Remove HTML comments (<!-- ... --> and <!-- ... --!>)
+                    vals = vals.replace(/<!--[\s\S]*?--\s*!?>/g, '');
+                    values = vals.replace(/\s+/g, '').split(',');
                 } else {
                     values = uservalues;
                 }

From ee02dd5e7ef85fc334aa79d7f6735c1022c10b1b Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Sat, 4 Oct 2025 12:00:01 -0700
Subject: [PATCH 4/4] Potential fix for code scanning alert no. 385: Incomplete
 multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../webapp/timeline/sparkline/jquery.sparkline.js    | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/timeline/webapp/timeline/sparkline/jquery.sparkline.js b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
index 5ff74101e6f..286aef18f37 100644
--- a/timeline/webapp/timeline/sparkline/jquery.sparkline.js
+++ b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
@@ -170,6 +170,16 @@
 
 (function($) {
 
+    // Repeatedly remove all HTML comments, for complete multi-character sanitization.
+    function removeHtmlComments(input) {
+        let previous;
+        do {
+            previous = input;
+            input = input.replace(/<!--[\s\S]*?--\s*!?>/g, '');
+        } while (input !== previous);
+        return input;
+    }
+
     /*
      * Default configuration settings
      */
@@ -301,7 +311,7 @@
                         vals = $(this).html();
                     }
                     // Remove HTML comments (<!-- ... --> and <!-- ... --!>)
-                    vals = vals.replace(/<!--[\s\S]*?--\s*!?>/g, '');
+                    vals = removeHtmlComments(vals);
                     values = vals.replace(/\s+/g, '').split(',');
                 } else {
                     values = uservalues;