From 51a958936c3636993df76e1c0e0dd38a4c1ac6d0 Mon Sep 17 00:00:00 2001 From: ElyPrism Date: Fri, 6 Feb 2026 20:07:23 +0800 Subject: [PATCH] Potential fix for code scanning alert no. 15: DOM text reinterpreted as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- public/audio_match_demo/index.html | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/public/audio_match_demo/index.html b/public/audio_match_demo/index.html index b5e7eb4..550880c 100644 --- a/public/audio_match_demo/index.html +++ b/public/audio_match_demo/index.html @@ -319,10 +319,20 @@ else micSourceNode.connect(recorderNode) }) + function escapeHtml(str) { + return String(str) + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, ''') + .replace(/\//g, '/'); + } file.addEventListener('change', event => { file.files[0].arrayBuffer().then( async buffer => { - logs.write(`[index] 文件 ${file.files[0].name} 已加载`) + const safeName = escapeHtml(file.files[0].name) + logs.write(`[index] 文件 ${safeName} 已加载`) audio.src = window.URL.createObjectURL(new Blob([buffer])) clip.disabled = false })
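Review bot: The escaping is applied only at this one call site (`const safeName = escapeHtml(file.files[0].name)`), while the sink the alert points at, presumably an HTML assignment inside `logs.write`, is outside this hunk and stays unchanged. Any other `logs.write` call that interpolates a file name, URL or error text would remain exposed, and every future caller has to remember to escape. It would be more robust to have `logs.write` insert its argument as text, for example `entry.textContent = message` on a newly created element (`entry` and `message` are placeholder names), at which point `escapeHtml` should be dropped here to avoid double-encoding. If the log is meant to keep rendering HTML, document the helper's limits with a comment such as `// HTML text/attribute-value context only; not for URLs, script or style contexts`. The entity strings in the `.replace` calls are not legible in this rendering, so confirm in the committed file that `&` is encoded first and that `<` and `>` are both covered.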