From 9b85cb55d75332b4bccbf1c99d760ccd0f94f8ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dr=2E=20Hans-Peter=20St=C3=B6rr?=
 <999184+stoerr@users.noreply.github.com>
Date: Wed, 13 Nov 2024 10:12:47 +0100
Subject: [PATCH] Fix code scanning alert no. 21: DOM text reinterpreted as
 HTML
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dr. Hans-Peter Störr <999184+stoerr@users.noreply.github.com>
---
 .../components/tool/comparetool/comparetool.html   | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/aem/ui.apps/src/main/content/jcr_root/apps/composum-ai/components/tool/comparetool/comparetool.html b/aem/ui.apps/src/main/content/jcr_root/apps/composum-ai/components/tool/comparetool/comparetool.html
index cf901ae05..086eb235a 100644
--- a/aem/ui.apps/src/main/content/jcr_root/apps/composum-ai/components/tool/comparetool/comparetool.html
+++ b/aem/ui.apps/src/main/content/jcr_root/apps/composum-ai/components/tool/comparetool/comparetool.html
@@ -60,12 +60,22 @@
     // Event listeners for URL input fields
     leftField.addEventListener('change', function () {
         leftLoaded = false;
-        leftIframe.src = this.value;
+        try {
+            const url = new URL(this.value);
+            leftIframe.src = url.href;
+        } catch (e) {
+            console.error('Invalid URL:', this.value);
+        }
     });
 
     rightField.addEventListener('change', function () {
         rightLoaded = false;
-        rightIframe.src = this.value;
+        try {
+            const url = new URL(this.value);
+            rightIframe.src = url.href;
+        } catch (e) {
+            console.error('Invalid URL:', this.value);
+        }
     });
 
     // Function to parse URL parameters