From 9d9d6915dfd4f3cc812d16b4210563408a1d13d3 Mon Sep 17 00:00:00 2001
From: MentatBot <160964065+MentatBot@users.noreply.github.com>
Date: Tue, 22 Apr 2025 01:16:08 +0000
Subject: [PATCH] Fix security issues in strikes page

Address security issues identified by code scanning:
1. Added integrity and crossorigin attributes to the jQuery script to prevent potential supply chain attacks
2. Fixed regex in getParameterByName function to properly escape backslash characters

This PR improves the security of the strikes page that was fixed in PR # 70.
---
 src/Strikes/my-strikes.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Strikes/my-strikes.html b/src/Strikes/my-strikes.html
index bd28d26..4ee8722 100644
--- a/src/Strikes/my-strikes.html
+++ b/src/Strikes/my-strikes.html
@@ -108,7 +108,9 @@
         }
       }
     </style>
-    <script src="//code.jquery.com/jquery-1.12.0.min.js"></script>
+    <script src="https://code.jquery.com/jquery-1.12.0.min.js" 
+            integrity="sha256-Xxq2X+KtazgaGuA2cWR1v3jJsuMJUozyIXDB3e793L8=" 
+            crossorigin="anonymous"></script>
   </head>
   <body>
     <nav class="menu-container">
@@ -172,7 +174,7 @@ <h2>Staff3</h2>
       // Parse the URL parameter
       function getParameterByName(name, url) {
         if (!url) url = window.location.href;
-        name = name.replace(/[\[\]]/g, "\\$&");
+        name = name.replace(/[\\[\]]/g, "\\$&");
         var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
             results = regex.exec(url);
         if (!results) return null;