From 2a2eeabac77cd02e5fa1e289eac5e64516bfa772 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BE=9D=E7=91=AA=E8=B2=93?= <imacat@mail.imacat.idv.tw>
Date: Mon, 9 Mar 2026 14:10:16 +0800
Subject: [PATCH] Fix XSS in uploadFailedSecond default case with escapeHtml

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/module/alertModal.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/module/alertModal.js b/src/module/alertModal.js
index 8404597..6666982 100644
--- a/src/module/alertModal.js
+++ b/src/module/alertModal.js
@@ -402,7 +402,7 @@ export async function uploadFailedSecond(detail) {
             key = "Status";
             break;
           default:
-            key = i.loc[2];
+            key = escapeHtml(String(i.loc[2]));
             break;
         }
         content = `<li>Data missing in ${key} Column: (Row #${i.loc[1]})</li>`;