From 375f744c6207fb4f6e64a1b4ceb655ce5d5f9651 Mon Sep 17 00:00:00 2001
From: boomzero
Date: Sun, 9 Feb 2025 08:12:09 +0800
Subject: [PATCH 1/3] Fix code scanning alert - DOM text reinterpreted as HTML fix #687
---
 XMOJ.user.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/XMOJ.user.js b/XMOJ.user.js
index 5e0378a5..9f4b742c 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -41,6 +41,19 @@ const CaptchaSiteKey = "0x4AAAAAAALBT58IhyDViNmv";
 const AdminUserList = ["zhuchenrui2", "shanwenxiao", "admin"];
+let escapeHTML = (str) => {
+ return str.replace(/[&<>"']/g, function (match) {
+ const escape = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+ };
+ return escape[match];
+ });
+};
+
 let PurifyHTML = (Input) => {
 try {
 return DOMPurify.sanitize(Input, {
@@ -3979,7 +3992,7 @@ int main()
 Temp = document.querySelector("#problemstatus > tbody").children;
 for (let i = 0; i < Temp.length; i++) {
 if (Temp[i].children[5].children[0] != null) {
- Temp[i].children[1].innerHTML = `${Temp[i].children[1].innerText.trim()}`;
+ Temp[i].children[1].innerHTML = `${escapeHTML(Temp[i].children[1].innerText.trim())}`;
 }
 GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText);
 Temp[i].children[3].remove();
From cf77a502141c6f3fb99541e7d6de7c604af320e0 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Sun, 9 Feb 2025 00:14:15 +0000
Subject: [PATCH 2/3] 1.3.1
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index f9481ffd..cf0cc01d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "xmoj-script",
- "version": "1.3.0",
+ "version": "1.3.1",
 "description": "an improvement script for xmoj.tech",
 "main": "AddonScript.js",
 "scripts": {
From a7c254df97449775104f1e5f187af360c4d7fc53 Mon Sep 17 00:00:00 2001
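Review bot: `escapeHTML` in the first hunk has no comment saying which output context it is safe for, and escaping these five characters only protects HTML text nodes and quoted attribute values, not URLs, inline script, style or unquoted attributes. I would add `// Escapes & < > " ' for HTML text or quoted attribute values only; not safe for URLs, script or unquoted attributes.` above the definition. The helper is declared with `let` although nothing visible reassigns it (`const escapeHTML = ...`), it rebuilds the lookup object on every match, and it throws when `str` is not a string, so `String(str).replace(...)` would be more forgiving. As printed on this page the replacement values are identical to their keys, which looks like entity decoding by the page rather than the committed code; confirm the file maps each character to its entity form.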
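Review bot: The changed line in the second hunk still sends page text through the HTML parser: it reads `innerText`, escapes it, and assigns the result to `innerHTML`. If the template literal really holds nothing but the interpolation, as shown here, `Temp[i].children[1].textContent = Temp[i].children[1].innerText.trim();` gives the same result with no parsing step and no reliance on the escape table being complete. If markup wraps the value in the committed file, building the node with `document.createElement` and setting `textContent` is the safer pattern. The neighbouring context line `GetUsernameHTML(Temp[i].children[2], Temp[i].children[2].innerText)` passes DOM text to a helper whose body is outside this hunk, so it is worth checking that it escapes or sanitizes its second argument too. The enclosing loop and function begin and end outside the hunk.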
From: "github-actions[bot]"
Date: Sun, 9 Feb 2025 00:14:16 +0000
Subject: [PATCH 3/3] Update version info to 1.3.1
---
 Update.json | 11 +++++++++++
 XMOJ.user.js | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/Update.json b/Update.json
index 6fbb2c7b..f0d3fa62 100644
--- a/Update.json
+++ b/Update.json
@@ -2718,6 +2718,17 @@
 }
 ],
 "Notes": "If you are curious why the version number is v1.3.0, it's because we changed our versioning strategy! Click here for more details."
+ },
+ "1.3.1": {
+ "UpdateDate": 1739060055956,
+ "Prerelease": true,
+ "UpdateContents": [
+ {
+ "PR": 774,
+ "Description": "Fix code scanning alert - DOM text reinterpreted as HTML"
+ }
+ ],
+ "Notes": "No release notes were provided for this release."
 }
 }
 }
\ No newline at end of file
diff --git a/XMOJ.user.js b/XMOJ.user.js
index 9f4b742c..3821580f 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -1,6 +1,6 @@
 // ==UserScript==
 // @name XMOJ
-// @version 1.3.0
+// @version 1.3.1
 // @description XMOJ增强脚本
 // @author @XMOJ-Script-dev, @langningchen and the community
 // @namespace https://github/langningchen