fix: DOM text reinterpreted as HTML leading to self-XSS (#633)

* fix: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: format with prettier

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>

Author: 3 people

apps/image-search-abstraction-layer/public/imageSearch.js

@@ -37,16 +37,20 @@ function updateURL() {
   var queryTest = /\S/;
 
   if (selected == 'query' && queryTest.test(queryValue)) {
-    url += 'query/' + queryValue + '?page=' + pageValue;
+    url +=
+      'query/' +
+      encodeURIComponent(queryValue) +
+      '?page=' +
+      encodeURIComponent(pageValue);
     if (sizeValue != 'All') {
-      url += '&size=' + sizeValue;
+      url += '&size=' + encodeURIComponent(sizeValue);
     }
   }
   if (selected == 'recent') {
     url += 'recent/';
   }
 
-  urlDiv.innerHTML = url;
+  urlDiv.textContent = url;
   urlDiv.setAttribute('href', url);
 }