From 27b25471324e509372b82e7648b363b399d96e03 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 14:54:14 +0200
Subject: [PATCH 01/20] sanitization

---
 pages/common/client-naf.html          |  45 +++++--
 pages/common/eap2017/display-item.htm | 154 +++++++++++++-----------
 pages/common/eap2018/display-item.htm | 154 +++++++++++++-----------
 pages/common/eap2019/display-item.htm | 154 +++++++++++++-----------
 pages/common/eap2020/display-item.htm | 154 +++++++++++++-----------
 pages/common/eap2021/display-item.htm | 152 +++++++++++++-----------
 pages/common/eap2022/display-item.htm | 152 +++++++++++++-----------
 pages/common/eap2023/display-item.htm | 152 +++++++++++++-----------
 pages/common/emb2018/display-item.htm | 162 ++++++++++++++------------
 pages/common/emb2019/display-item.htm | 162 ++++++++++++++------------
 pages/common/emb2020/display-item.htm | 162 ++++++++++++++------------
 pages/common/emb2021/display-item.htm | 162 ++++++++++++++------------
 pages/common/emb2022/display-item.htm | 160 +++++++++++++------------
 pages/common/emb2023/display-item.htm | 160 +++++++++++++------------
 pages/common/emb2024/display-item.htm | 160 +++++++++++++------------
 pages/common/naf/display-item.htm     | 125 ++++++++++++--------
 16 files changed, 1295 insertions(+), 1075 deletions(-)

diff --git a/pages/common/client-naf.html b/pages/common/client-naf.html
index e6db2b0..e6c8fb4 100644
--- a/pages/common/client-naf.html
+++ b/pages/common/client-naf.html
@@ -1,38 +1,61 @@
 <!doctype html>
-<html>
+<html lang="fr">
     <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <meta name="description" content="Recherche dans la NAF">
+        <title>Recherche dans la NAF</title>
+        <link href="../commun.css" rel="stylesheet" type="text/css"/>
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
         <script>
             $(document).ready(function () {
                 $("#chercher").bind("click", function () {
-                    $("#resultat").html("<p>Code non trouv�</p>");
+                    $("#resultat").html("<p>Code non trouvé</p>");
                     var code = document.getElementById("code").value.trim().toUpperCase();
-                    if (code.length == 0) $("#resultat").html("<p><b>Veuillez entrer un code</b></p>");
-                    else {
+                    if (code.length == 0) {
+                        $("#resultat").html("<p><b>Veuillez entrer un code</b></p>");
+                    } else {
                         var query =
                             "prefix skos: <http://www.w3.org/2004/02/skos/core#> select ?libelle from <http://rdf.insee.fr/graphes/codes/nafr2> ";
                         query +=
                             'where {?s skos:notation "' +
-                            code +
+                            escapeHtml(code) +
                             "\" . ?s skos:prefLabel ?libelle filter(lang(?libelle) = 'fr')}";
                         var url = "https://rdf.insee.fr/sparql?query=" + encodeURIComponent(query);
-                        $.getJSON(url).success(function (data) {
-                            $("#resultat").html(
-                                "<p>" + code + " - " + data.results.bindings[0].libelle.value + "</p>"
-                            );
+
+                        $.getJSON(url).done(function (data) {
+                            if (data.results.bindings.length > 0) {
+                                var libelle = data.results.bindings[0].libelle.value;
+                                $("#resultat").html("<p>" + escapeHtml(code) + " - " + escapeHtml(libelle) + "</p>");
+                            } else {
+                                $("#resultat").html("<p>Code non trouvé</p>");
+                            }
+                        }).fail(function () {
+                            $("#resultat").html("<p>Erreur lors de la récupération des données</p>");
                         });
                     }
                 });
+
+                function escapeHtml(text) {
+                    var map = {
+                        '&': '&amp;',
+                        '<': '&lt;',
+                        '>': '&gt;',
+                        '"': '&quot;',
+                        "'": '&#039;'
+                    };
+                    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+                }
             });
         </script>
     </head>
     <body>
         <h1>Recherche dans la NAF</h1>
         <div>
-            <label>Code : </label>
+            <label for="code">Code : </label>
             <input id="code" type="text" autofocus="autofocus" />
             <button id="chercher" required>Chercher</button><br />
         </div>
-        <div id="resultat" />
+        <div id="resultat"></div>
     </body>
 </html>
diff --git a/pages/common/eap2017/display-item.htm b/pages/common/eap2017/display-item.htm
index bb7d440..0c94aa6 100644
--- a/pages/common/eap2017/display-item.htm
+++ b/pages/common/eap2017/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2017";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2017";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2018/display-item.htm b/pages/common/eap2018/display-item.htm
index c2f60ae..2d4f7cc 100644
--- a/pages/common/eap2018/display-item.htm
+++ b/pages/common/eap2018/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2018";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2018";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2019/display-item.htm b/pages/common/eap2019/display-item.htm
index 6dafaf5..e9b997f 100644
--- a/pages/common/eap2019/display-item.htm
+++ b/pages/common/eap2019/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2019";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2019";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2020/display-item.htm b/pages/common/eap2020/display-item.htm
index f11dbcf..4f5b795 100644
--- a/pages/common/eap2020/display-item.htm
+++ b/pages/common/eap2020/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2020";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2020";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 822aae7..5ee0dde 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2021";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2021";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2022/display-item.htm b/pages/common/eap2022/display-item.htm
index 41d49cd..7b2e1e6 100644
--- a/pages/common/eap2022/display-item.htm
+++ b/pages/common/eap2022/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2022";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2022";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/eap2023/display-item.htm b/pages/common/eap2023/display-item.htm
index 874948d..b41b958 100644
--- a/pages/common/eap2023/display-item.htm
+++ b/pages/common/eap2023/display-item.htm
@@ -1,20 +1,20 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EAP - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EAP - consultation">
+		<title>EAP - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2023";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "eap2023";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,4];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Produit', 'produit'];
+			var parentLength = [0, 4];
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
@@ -22,123 +22,135 @@
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  query += " . }";
+				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
+						}
+						var childTypeIndex = (code.length == 6 ? 1 : 0);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-					var childTypeIndex = (code.length == 6 ? 1 : 0);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
 						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit détaillé ';
-				}else niveau = 'Produit agrégé ';
-				var name = niveau+code;
-				//itemTypes[code.length] + ' ' + code;
+					niveau = 'Produit détaillé ';
+				} else {
+					niveau = 'Produit agrégé ';
+				}
+				var name = escapeHtml(niveau + code);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + code +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(code) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="eap.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
 					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)){//le dernier élément du code est une lettre
-						codeParent+=code.slice(-1).toLowerCase();
+					if (code.slice(-1).match(/[A-Z]/)) {
+						codeParent += code.slice(-1).toLowerCase();
 					}
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2018/display-item.htm b/pages/common/emb2018/display-item.htm
index fac873c..c59657f 100644
--- a/pages/common/emb2018/display-item.htm
+++ b/pages/common/emb2018/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2018";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2018";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2019/display-item.htm b/pages/common/emb2019/display-item.htm
index e7d5b32..b8d4347 100644
--- a/pages/common/emb2019/display-item.htm
+++ b/pages/common/emb2019/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2019";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2019";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2020/display-item.htm b/pages/common/emb2020/display-item.htm
index 2cffa4f..1e5a130 100644
--- a/pages/common/emb2020/display-item.htm
+++ b/pages/common/emb2020/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2020";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2020";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2021/display-item.htm b/pages/common/emb2021/display-item.htm
index 76418be..fc046dd 100644
--- a/pages/common/emb2021/display-item.htm
+++ b/pages/common/emb2021/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2021";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2021";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2022/display-item.htm b/pages/common/emb2022/display-item.htm
index 102ae0d..ac4f7d1 100644
--- a/pages/common/emb2022/display-item.htm
+++ b/pages/common/emb2022/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2022";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2022";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2023/display-item.htm b/pages/common/emb2023/display-item.htm
index 8136032..4bc525c 100644
--- a/pages/common/emb2023/display-item.htm
+++ b/pages/common/emb2023/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2023";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2023";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/emb2024/display-item.htm b/pages/common/emb2024/display-item.htm
index 544e429..fbe80ef 100644
--- a/pages/common/emb2024/display-item.htm
+++ b/pages/common/emb2024/display-item.htm
@@ -1,151 +1,163 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>EMB - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="EMB - consultation">
+		<title>EMB - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-			/*
-			var niveau="produits"*/
 			var endpointURL = "https://rdf.insee.fr/sparql";
 			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2024";
-			var regex = new RegExp(racine +nomenclature +"/[A-Z0-9]+/", "g");
+			var nomenclature = "emb2024";
+			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
 			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];//Nom "propre" des différents niveaux 
-			var parentLength = [0,5];//Taille des codes parents (0 si n'existe pas)
+			var itemTypes = ['Activité de la NAF', 'Produit'];
+			var parentLength = [0, 5];
 
 			$(document).ready(function() {
 				var codeAAffiche = getURLParameter('code');
 				var code;
-				if (codeAAffiche.length<6){
+				if (codeAAffiche.length < 6) {
 					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				}else{ code = codeAAffiche;}
+				} else {
+					code = codeAAffiche;
+				}
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
-				//query += "GRAPH <http://rdf.insee.fr/graphes/codes/"+nomenclature+"> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '"+ code;
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-			  //query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".","") ;
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(codeAAffiche + " - " + data.results.bindings[0].label.value);
-					if (code.length>6){
+				var codeAAffiche = code.replace(".", "");
+
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						if (code.length > 6) {
 							getDescription(itemURI);
-					}else{
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
+						} else {
+							var childTypeIndex = (code.length == 6 ? 1 : 0);
+							getChildren(itemURI, itemTypes[childTypeIndex]);
+						}
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
 					}
-
-				})
+				}).fail(function() {
+					$('#label').html("<p>Erreur lors de la récupération des données</p>");
+				});
 			}
 
 			function getDescription(itemURI) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-						"OK"
-				$.getJSON(queryURL).success(function(data) {
+
+				$.getJSON(queryURL).done(function(data) {
 					for (var index = 0; index < data.results.bindings.length; index++) {
 						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale"); // Note générale
-
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+replacement + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-				var codeAAffiche ;
+				var codeAAffiche;
+				var niveau;
 				if (code && code.length > 6) {
-					niveau='Produit ';
+					niveau = 'Produit ';
 					codeAAffiche = code;
-				}else {
+				} else {
 					niveau = 'Activité ';
-					codeAAffiche = code.replace(".","") ;
+					codeAAffiche = code.replace(".", "");
 				}
-				var name = niveau+codeAAffiche;
-				//itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(niveau + codeAAffiche);
 				var html;
 				var fin = (finalLink ?
-						('<li><a href="'+ replacement + codeAAffiche +'" title="' + name + '">' + name + '</a></li>')
-						: ('<li>' + name + '</li>')
-					);
+					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
 
 				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">'+nomenclature.toUpperCase()+'</a></li>&nbsp;'	+  fin;
-					}
-				else if (code){
-					html =
-					 breadcrumbs(getParentCode(code), true) + '&nbsp;' 	+
-					fin;
-					}
+					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
+				} else if (code) {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
-			/**
-			à partir du code enfant return le code parent
-			**/
 			function getParentCode(code) {
-				//TODO à réécrire pour chaque nomenclature
 				var codeParent;
 				if (code && code.length > 6) {
-					var  codeParentSansPoint = code.substr(0, parentLength[1]);
+					var codeParentSansPoint = code.substr(0, parentLength[1]);
 					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
 					return codeParent;
 				}
 				return null;
 			}
-
-
-
 		</script>
 	</head>
 	<body>
diff --git a/pages/common/naf/display-item.htm b/pages/common/naf/display-item.htm
index 23ea293..f032a0c 100644
--- a/pages/common/naf/display-item.htm
+++ b/pages/common/naf/display-item.htm
@@ -1,13 +1,14 @@
 <!DOCTYPE html>
-<html>
+<html lang="fr">
 	<head>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>NAF 2008 - consulation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0">
+		<meta name="description" content="NAF 2008 - consultation">
+		<title>NAF 2008 - consultation</title>
+		<link href="../commun.css" rel="stylesheet" type="text/css"/>
 		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
 		<script>
-
-			var endpointURL = "http://rdf.insee.fr/sparql";
+			var endpointURL = "https://rdf.insee.fr/sparql";
 			var regex = new RegExp('http://id.insee.fr/codes/nafr2/[a-zC]+/', "g");
 			var replacement = 'display-item.htm?code=';
 			var itemTypes = ['', 'Section', 'Division', '', 'Groupe', 'Classe', 'Sous-classe'];
@@ -17,93 +18,121 @@
 
 			$(document).ready(function() {
 				var code = getURLParameter('code');
-				// TODO Add parameter control
 				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
 				getLabel(code);
 			});
 
+			function escapeHtml(text) {
+				var map = {
+					'&': '&amp;',
+					'<': '&lt;',
+					'>': '&gt;',
+					'"': '&quot;',
+					"'": '&#039;'
+				};
+				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+			}
+
 			function getLabel(code) {
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/nafr2> { ?uri skos:prefLabel ?label ; skos:notation '"
-				query += code + "'. FILTER langMatches (lang(?label), 'fr')} . }";
+				query += escapeHtml(code) + "'. FILTER langMatches (lang(?label), 'fr')} . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var itemURI = data.results.bindings[0].uri.value;
-					$('#label').html(code + " - " + data.results.bindings[0].label.value);
-					getDescription(itemURI);
-					var childTypeIndex = (code.length == 2 ? 4 : code.length + 1);
-					getChildren(itemURI, itemTypes[childTypeIndex]);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var itemURI = data.results.bindings[0].uri.value;
+						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+						getDescription(itemURI);
+						var childTypeIndex = (code.length == 2 ? 4 : code.length + 1);
+						getChildren(itemURI, itemTypes[childTypeIndex]);
+					} else {
+						$('#label').html("<p>Code non trouvé</p>");
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getDescription(itemURI) {
-
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale"); // Note générale
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite"); // Contenu central
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions"); // Exclusions
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques"); // Remarque
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						for (var index = 0; index < data.results.bindings.length; index++) {
+							var bindingObject = data.results.bindings[index];
+							if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+							else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
+						}
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getChildren(itemURI, childType) {
-
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + ">  skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code"
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
+				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + childType + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
 						for (var index = 0; index < data.results.bindings.length; index++) {
 							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
+							innerHTML += '<li><p><a href="display-item.htm?code=' + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
 						}
 						innerHTML += '</ul>';
 						$('#sous-items').html(innerHTML);
 						$('#sous-items').addClass("sous-items");
 					}
-				})
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null;
+    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
 			}
 
 			function getNote(uri, tag) {
-				
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }'
+				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).success(function(data) {
-					var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-					$('#' + tag).append(noteText);
-					$('#' + tag).addClass(tag);
-				})
+				$.getJSON(queryURL).done(function(data) {
+					if (data.results.bindings.length > 0) {
+						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						$('#' + tag).addClass(tag);
+					}
+				}).fail(function() {
+					// Handle error silently
+				});
 			}
 
 			function breadcrumbs(code, finalLink) {
-
-				var name = itemTypes[code.length] + ' ' + code;
+				var name = escapeHtml(itemTypes[code.length] + ' ' + code);
 				var html;
-
-				if (code.length == 1) html = '<li><a href="naf.htm" title="Accueil">NAF</a></li>&nbsp;' +  (finalLink ? ('<li><a href="display-item.htm?code=' + code +'" title="' + name + '">' + name + '</a></li>') : ('<li>' + name + '</li>'));
-				else html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + (finalLink ? ('<li><a href="display-item.htm?code=' + code +'" title="' + name + '">' + name + '</a></li>') : ('<li>' + name + '</li>'));
+				var fin = (finalLink ?
+					('<li><a href="display-item.htm?code=' + escapeHtml(code) + '" title="' + name + '">' + name + '</a></li>')
+					: ('<li>' + name + '</li>')
+				);
+
+				if (code.length == 1) {
+					html = '<li><a href="naf.htm" title="Accueil">NAF</a></li>&nbsp;' + fin;
+				} else {
+					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+				}
 				return html;
 			}
 
 			function getParentCode(code) {
-
 				if (code.length > 3) return code.substr(0, parentLength[code.length]);
-				if (code.length = 2) {
+				if (code.length == 2) {
 					var codeNum = parseFloat(code);
 					for (var index = 0; index < sectionBounds.length; index++) {
 						if (codeNum < sectionBounds[index]) return sections.substr(index - 1, 1);
@@ -128,4 +157,4 @@ <h1 id="label" class="item"></h1>
 		</div>
 		<div id="sous-items"></div>
 	</body>
-</html>
\ No newline at end of file
+</html>

From 3590f555eacc48679d800a6fc5800a5c4b76bfbc Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 15:33:38 +0200
Subject: [PATCH 02/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 5ee0dde..36d3d3d 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -37,7 +37,7 @@
 				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
 				query += "SELECT ?uri ?label WHERE {";
 				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
+				query += "?uri skos:prefLabel ?label ; skos:notation '" + code;
 				query += "'. FILTER langMatches (lang(?label), 'fr')}";
 				query += " . }";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
@@ -60,7 +60,7 @@
 			}
 
 			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
 				$.getJSON(queryURL).done(function(data) {
@@ -79,7 +79,7 @@
 			}
 
 			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + "> skos:narrower ?child . ";
 				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
@@ -104,13 +104,13 @@
 			}
 
 			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
+				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
 				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
 				$.getJSON(queryURL).done(function(data) {
 					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
+						var noteText = escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement));
+						$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
 						$('#' + tag).addClass(tag);
 					}
 				}).fail(function() {

From 73c9f49ba3af66d20de20bfc7b1f90658e2a28d8 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 15:44:09 +0200
Subject: [PATCH 03/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 304 +++++++++++++-------------
 1 file changed, 152 insertions(+), 152 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 36d3d3d..84ed49c 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -1,169 +1,169 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2021";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EAP - consultation">
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
+    <script>
+        var endpointURL = "https://rdf.insee.fr/sparql";
+        var racine = "http://id.insee.fr/codes/";
+        var nomenclature = "eap2021";
+        var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        var replacement = 'display-item.htm?code=';
+        var itemTypes = ['Produit', 'produit'];
+        var parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        $(document).ready(function() {
+            var code = getURLParameter('code');
+            $('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
+            getLabel(code);
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        function escapeHtml(text) {
+            var map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + code;
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function getLabel(code) {
+            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
+            query += "SELECT ?uri ?label WHERE {";
+            query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
+            query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
+            query += "'. FILTER langMatches (lang(?label), 'fr')}";
+            query += " . }";
+            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+            $.getJSON(queryURL).done(function(data) {
+                if (data.results.bindings.length > 0) {
+                    var itemURI = data.results.bindings[0].uri.value;
+                    $('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    }
+                    var childTypeIndex = (code.length == 6 ? 1 : 0);
+                    getChildren(itemURI, itemTypes[childTypeIndex]);
+                } else {
+                    $('#label').html("<p>Code non trouvé</p>");
+                }
+            }).fail(function() {
+                $('#label').html("<p>Erreur lors de la récupération des données</p>");
+            });
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function getDescription(itemURI) {
+            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
+            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+            $.getJSON(queryURL).done(function(data) {
+                for (var index = 0; index < data.results.bindings.length; index++) {
+                    var bindingObject = data.results.bindings[index];
+                    if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
+                    if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
+                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
+                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
+                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
+                    else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
+                }
+            }).fail(function() {
+                // Handle error silently
+            });
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + itemURI + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function getChildren(itemURI, childType) {
+            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
+            query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
+            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+            $.getJSON(queryURL).done(function(data) {
+                if (data.results.bindings.length > 0) {
+                    var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    for (var index = 0; index < data.results.bindings.length; index++) {
+                        var childCode = data.results.bindings[index].code.value;
+                        innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
+                    }
+                    innerHTML += '</ul>';
+                    $('#sous-items').html(innerHTML);
+                    $('#sous-items').addClass("sous-items");
+                }
+            }).fail(function() {
+                // Handle error silently
+            });
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function getURLParameter(name) {
+            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
+        }
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function getNote(uri, tag) {
+            var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
+            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement));
-						$('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+            $.getJSON(queryURL).done(function(data) {
+                if (data.results.bindings.length > 0) {
+                    var noteText = escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement));
+                    $('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
+                    $('#' + tag).addClass(tag);
+                }
+            }).fail(function() {
+                // Handle error silently
+            });
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function breadcrumbs(code, finalLink) {
+            var niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            var name = escapeHtml(niveau + code);
+            var html;
+            var fin = (finalLink ?
+                ('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
+                : ('<li>' + name + '</li>')
+            );
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+            if (code && code.length <= 6) {
+                html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+            } else if (code) {
+                html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+            }
+            return html;
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function getParentCode(code) {
+            var codeParent;
+            if (code && code.length > 6) {
+                codeParent = code.substr(0, parentLength[1]);
+                if (code.slice(-1).match(/[A-Z]/)) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>

From 66af3aabe4713043768b71e1cf94173e19be1fcc Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 15:54:01 +0200
Subject: [PATCH 04/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 84ed49c..1299747 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -33,6 +33,12 @@
             return text.replace(/[&<>"']/g, function(m) { return map[m]; });
         }
 
+        function decodeHtml(html) {
+            var txt = document.createElement("textarea");
+            txt.innerHTML = html;
+            return txt.value;
+        }
+
         function getLabel(code) {
             var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
             query += "SELECT ?uri ?label WHERE {";
@@ -45,17 +51,17 @@
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
                     var itemURI = data.results.bindings[0].uri.value;
-                    $('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
+                    $('#label').text(escapeHtml(code) + " - " + decodeHtml(escapeHtml(data.results.bindings[0].label.value)));
                     if (code.length > 6) {
                         getDescription(itemURI);
                     }
                     var childTypeIndex = (code.length == 6 ? 1 : 0);
                     getChildren(itemURI, itemTypes[childTypeIndex]);
                 } else {
-                    $('#label').html("<p>Code non trouvé</p>");
+                    $('#label').text("Code non trouvé");
                 }
             }).fail(function() {
-                $('#label').html("<p>Erreur lors de la récupération des données</p>");
+                $('#label').text("Erreur lors de la récupération des données");
             });
         }
 
@@ -88,7 +94,7 @@
                     var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
                     for (var index = 0; index < data.results.bindings.length; index++) {
                         var childCode = data.results.bindings[index].code.value;
-                        innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
+                        innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + decodeHtml(escapeHtml(data.results.bindings[index].label.value)) + '</a></p></li>';
                     }
                     innerHTML += '</ul>';
                     $('#sous-items').html(innerHTML);
@@ -109,8 +115,8 @@
 
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
-                    var noteText = escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement));
-                    $('#' + tag).append(noteText.replace(/\\\$/g, "<br />"));
+                    var noteText = decodeHtml(escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement)));
+                    $('#' + tag).append('<div>' + noteText.replace(/\\\$/g, "<br />") + '</div>');
                     $('#' + tag).addClass(tag);
                 }
             }).fail(function() {

From 2fc9fe2528e57f5d02c86ef7287deab34ebbd7c4 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 16:06:44 +0200
Subject: [PATCH 05/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 39 +++++++++++----------------
 1 file changed, 16 insertions(+), 23 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 1299747..2f69b5b 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -18,7 +18,7 @@
 
         $(document).ready(function() {
             var code = getURLParameter('code');
-            $('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
+            $('#fil-ariane').html(breadcrumbs(code, false));
             getLabel(code);
         });
 
@@ -33,12 +33,6 @@
             return text.replace(/[&<>"']/g, function(m) { return map[m]; });
         }
 
-        function decodeHtml(html) {
-            var txt = document.createElement("textarea");
-            txt.innerHTML = html;
-            return txt.value;
-        }
-
         function getLabel(code) {
             var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
             query += "SELECT ?uri ?label WHERE {";
@@ -51,7 +45,7 @@
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
                     var itemURI = data.results.bindings[0].uri.value;
-                    $('#label').text(escapeHtml(code) + " - " + decodeHtml(escapeHtml(data.results.bindings[0].label.value)));
+                    $('#label').text(code + " - " + data.results.bindings[0].label.value);
                     if (code.length > 6) {
                         getDescription(itemURI);
                     }
@@ -91,14 +85,15 @@
 
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
-                    var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    var list = $('<ul>').addClass('enfants');
                     for (var index = 0; index < data.results.bindings.length; index++) {
                         var childCode = data.results.bindings[index].code.value;
-                        innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + decodeHtml(escapeHtml(data.results.bindings[index].label.value)) + '</a></p></li>';
+                        var listItem = $('<li>');
+                        var link = $('<a>').attr('href', replacement + escapeHtml(childCode)).text(childCode + ' - ' + data.results.bindings[index].label.value);
+                        listItem.append(link);
+                        list.append(listItem);
                     }
-                    innerHTML += '</ul>';
-                    $('#sous-items').html(innerHTML);
-                    $('#sous-items').addClass("sous-items");
+                    $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
                 }
             }).fail(function() {
                 // Handle error silently
@@ -115,9 +110,8 @@
 
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
-                    var noteText = decodeHtml(escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement)));
-                    $('#' + tag).append('<div>' + noteText.replace(/\\\$/g, "<br />") + '</div>');
-                    $('#' + tag).addClass(tag);
+                    var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+                    $('#' + tag).append($('<div>').text(noteText.replace(/\\\$/g, "\n"))).addClass(tag);
                 }
             }).fail(function() {
                 // Handle error silently
@@ -132,16 +126,15 @@
                 niveau = 'Produit agrégé ';
             }
             var name = escapeHtml(niveau + code);
-            var html;
-            var fin = (finalLink ?
-                ('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-                : ('<li>' + name + '</li>')
-            );
+            var fin = finalLink
+                ? $('<li>').append($('<a>').attr('href', replacement + escapeHtml(code)).attr('title', name).text(name))
+                : $('<li>').text(name);
 
+            var html;
             if (code && code.length <= 6) {
-                html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
+                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(nomenclature.toUpperCase()))).append(fin);
             } else if (code) {
-                html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
+                html = breadcrumbs(getParentCode(code), true).append(fin);
             }
             return html;
         }

From f693585cdfeaf6f2a1a7df66d038da0087cbe14d Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 16:22:36 +0200
Subject: [PATCH 06/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 38 ++++++++++++++++++---------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 2f69b5b..3058fb7 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -17,7 +17,11 @@
         var parentLength = [0, 4];
 
         $(document).ready(function() {
-            var code = getURLParameter('code');
+            var code = sanitizeInput(getURLParameter('code'));
+            if (!code) {
+                $('#label').text("Code non trouvé");
+                return;
+            }
             $('#fil-ariane').html(breadcrumbs(code, false));
             getLabel(code);
         });
@@ -33,6 +37,10 @@
             return text.replace(/[&<>"']/g, function(m) { return map[m]; });
         }
 
+        function sanitizeInput(input) {
+            return input.replace(/[^a-zA-Z0-9]/g, '');
+        }
+
         function getLabel(code) {
             var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
             query += "SELECT ?uri ?label WHERE {";
@@ -66,12 +74,17 @@
             $.getJSON(queryURL).done(function(data) {
                 for (var index = 0; index < data.results.bindings.length; index++) {
                     var bindingObject = data.results.bindings[index];
-                    if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-                    if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-                    else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-                    else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
+                    var predicate = bindingObject.predicate.value;
+                    var objectValue = bindingObject.object.value;
+
+                    if (predicate === "http://www.w3.org/2004/02/skos/core#definition" ||
+                        predicate === "http://www.w3.org/2004/02/skos/core#scopeNote" ||
+                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote" ||
+                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote" ||
+                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote" ||
+                        predicate === "http://www.w3.org/2004/02/skos/core#note") {
+                        getNote(objectValue, "note-generale");
+                    }
                 }
             }).fail(function() {
                 // Handle error silently
@@ -87,9 +100,10 @@
                 if (data.results.bindings.length > 0) {
                     var list = $('<ul>').addClass('enfants');
                     for (var index = 0; index < data.results.bindings.length; index++) {
-                        var childCode = data.results.bindings[index].code.value;
+                        var childCode = escapeHtml(data.results.bindings[index].code.value);
+                        var label = data.results.bindings[index].label.value;
                         var listItem = $('<li>');
-                        var link = $('<a>').attr('href', replacement + escapeHtml(childCode)).text(childCode + ' - ' + data.results.bindings[index].label.value);
+                        var link = $('<a>').attr('href', replacement + childCode).text(childCode + ' - ' + label);
                         listItem.append(link);
                         list.append(listItem);
                     }
@@ -101,7 +115,7 @@
         }
 
         function getURLParameter(name) {
-            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
+            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
         }
 
         function getNote(uri, tag) {
@@ -111,7 +125,7 @@
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
                     var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-                    $('#' + tag).append($('<div>').text(noteText.replace(/\\\$/g, "\n"))).addClass(tag);
+                    $('#' + tag).append($('<div>').html(noteText.replace(/\\\$/g, "<br />"))).addClass(tag);
                 }
             }).fail(function() {
                 // Handle error silently
@@ -132,7 +146,7 @@
 
             var html;
             if (code && code.length <= 6) {
-                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(nomenclature.toUpperCase()))).append(fin);
+                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
             } else if (code) {
                 html = breadcrumbs(getParentCode(code), true).append(fin);
             }

From b8b368ee74c401bff3827f91695bf5a4766a61b6 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Tue, 6 Aug 2024 16:51:04 +0200
Subject: [PATCH 07/20] Update display-item.htm

---
 pages/common/eap2021/display-item.htm | 36 ++++++++++++++++-----------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 3058fb7..412e8a0 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -17,7 +17,7 @@
         var parentLength = [0, 4];
 
         $(document).ready(function() {
-            var code = sanitizeInput(getURLParameter('code'));
+            var code = sanitizeAndValidateInput(getURLParameter('code'));
             if (!code) {
                 $('#label').text("Code non trouvé");
                 return;
@@ -37,8 +37,17 @@
             return text.replace(/[&<>"']/g, function(m) { return map[m]; });
         }
 
-        function sanitizeInput(input) {
-            return input.replace(/[^a-zA-Z0-9]/g, '');
+        function decodeHtml(html) {
+            var txt = document.createElement("textarea");
+            txt.innerHTML = html;
+            return txt.value;
+        }
+
+        function sanitizeAndValidateInput(input) {
+            // Ensure the input only contains alphanumeric characters
+            var sanitized = input ? input.replace(/[^a-zA-Z0-9]/g, '') : '';
+            // Perform additional validation if needed
+            return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
         }
 
         function getLabel(code) {
@@ -53,7 +62,7 @@
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
                     var itemURI = data.results.bindings[0].uri.value;
-                    $('#label').text(code + " - " + data.results.bindings[0].label.value);
+                    $('#label').text(escapeHtml(code) + " - " + decodeHtml(escapeHtml(data.results.bindings[0].label.value)));
                     if (code.length > 6) {
                         getDescription(itemURI);
                     }
@@ -72,8 +81,7 @@
             var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
 
             $.getJSON(queryURL).done(function(data) {
-                for (var index = 0; index < data.results.bindings.length; index++) {
-                    var bindingObject = data.results.bindings[index];
+                data.results.bindings.forEach(function(bindingObject) {
                     var predicate = bindingObject.predicate.value;
                     var objectValue = bindingObject.object.value;
 
@@ -85,7 +93,7 @@
                         predicate === "http://www.w3.org/2004/02/skos/core#note") {
                         getNote(objectValue, "note-generale");
                     }
-                }
+                });
             }).fail(function() {
                 // Handle error silently
             });
@@ -99,14 +107,14 @@
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
                     var list = $('<ul>').addClass('enfants');
-                    for (var index = 0; index < data.results.bindings.length; index++) {
-                        var childCode = escapeHtml(data.results.bindings[index].code.value);
-                        var label = data.results.bindings[index].label.value;
+                    data.results.bindings.forEach(function(binding) {
+                        var childCode = escapeHtml(binding.code.value);
+                        var label = decodeHtml(escapeHtml(binding.label.value));
                         var listItem = $('<li>');
-                        var link = $('<a>').attr('href', replacement + childCode).text(childCode + ' - ' + label);
+                        var link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).text(childCode + ' - ' + label);
                         listItem.append(link);
                         list.append(listItem);
-                    }
+                    });
                     $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
                 }
             }).fail(function() {
@@ -124,7 +132,7 @@
 
             $.getJSON(queryURL).done(function(data) {
                 if (data.results.bindings.length > 0) {
-                    var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
+                    var noteText = decodeHtml(escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement)));
                     $('#' + tag).append($('<div>').html(noteText.replace(/\\\$/g, "<br />"))).addClass(tag);
                 }
             }).fail(function() {
@@ -141,7 +149,7 @@
             }
             var name = escapeHtml(niveau + code);
             var fin = finalLink
-                ? $('<li>').append($('<a>').attr('href', replacement + escapeHtml(code)).attr('title', name).text(name))
+                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(code)).attr('title', name).text(name))
                 : $('<li>').text(name);
 
             var html;

From 8723089492f792bb00fd92e90459a79e267a3931 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Wed, 7 Aug 2024 09:53:23 +0200
Subject: [PATCH 08/20] update eap2021

---
 pages/common/eap2021/display-item.htm | 229 ++++++++++++++------------
 pages/common/eap2021/eap.htm          | 150 ++++++++++-------
 2 files changed, 215 insertions(+), 164 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 412e8a0..35fd2fd 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -6,165 +6,173 @@
     <meta name="description" content="EAP - consultation">
     <title>EAP - consultation</title>
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
-    <script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
+    <script src="https://code.jquery.com/jquery-1.11.1.min.js" integrity="sha256-VAvG3sHdS5LqTT+5A/aeq/bZGa/Uj04xKxY8KM/w9EE=" crossorigin="anonymous"></script>
     <script>
-        var endpointURL = "https://rdf.insee.fr/sparql";
-        var racine = "http://id.insee.fr/codes/";
-        var nomenclature = "eap2021";
-        var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-        var replacement = 'display-item.htm?code=';
-        var itemTypes = ['Produit', 'produit'];
-        var parentLength = [0, 4];
-
-        $(document).ready(function() {
-            var code = sanitizeAndValidateInput(getURLParameter('code'));
-            if (!code) {
-                $('#label').text("Code non trouvé");
-                return;
-            }
-            $('#fil-ariane').html(breadcrumbs(code, false));
-            getLabel(code);
-        });
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2021";
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
+
+        function escapeHtml(unsafe) {
+            return unsafe.replace(/[&<"'>]/g, function (m) {
+                return {
+                    '&': '&amp;',
+                    '<': '&lt;',
+                    '>': '&gt;',
+                    '"': '&quot;',
+                    "'": '&#039;'
+                }[m];
+            });
+        }
 
-        function escapeHtml(text) {
-            var map = {
-                '&': '&amp;',
-                '<': '&lt;',
-                '>': '&gt;',
-                '"': '&quot;',
-                "'": '&#039;'
-            };
-            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        function sanitizeAndValidateInput(input) {
+            const sanitized = input ? input.replace(/[^a-zA-Z0-9]/g, '') : '';
+            return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
         }
 
-        function decodeHtml(html) {
-            var txt = document.createElement("textarea");
-            txt.innerHTML = html;
-            return txt.value;
+        function getURLParameter(name) {
+            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
         }
 
-        function sanitizeAndValidateInput(input) {
-            // Ensure the input only contains alphanumeric characters
-            var sanitized = input ? input.replace(/[^a-zA-Z0-9]/g, '') : '';
-            // Perform additional validation if needed
-            return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
+        function validateData(data, requiredVars) {
+            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
+                return data.results.bindings.every(binding => {
+                    return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
+                });
+            }
+            return false;
         }
 
         function getLabel(code) {
-            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-            query += "SELECT ?uri ?label WHERE {";
-            query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-            query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-            query += "'. FILTER langMatches (lang(?label), 'fr')}";
-            query += " . }";
-            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-            $.getJSON(queryURL).done(function(data) {
-                if (data.results.bindings.length > 0) {
-                    var itemURI = data.results.bindings[0].uri.value;
-                    $('#label').text(escapeHtml(code) + " - " + decodeHtml(escapeHtml(data.results.bindings[0].label.value)));
+            //console.log("getLabel called with code:", code);
+            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
+                        FILTER langMatches(lang(?label), 'fr')
+                    }
+                }`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+            //console.log("getLabel queryURL:", queryURL);
+
+            $.getJSON(queryURL).done(function (data) {
+                if (validateData(data, ['uri', 'label'])) {
+                    const itemURI = escapeHtml(data.results.bindings[0].uri.value);
+                    $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
                     if (code.length > 6) {
                         getDescription(itemURI);
                     }
-                    var childTypeIndex = (code.length == 6 ? 1 : 0);
+                    const childTypeIndex = (code.length === 6 ? 1 : 0);
                     getChildren(itemURI, itemTypes[childTypeIndex]);
                 } else {
                     $('#label').text("Code non trouvé");
                 }
-            }).fail(function() {
+            }).fail(function () {
                 $('#label').text("Erreur lors de la récupération des données");
             });
         }
 
         function getDescription(itemURI) {
-            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-            $.getJSON(queryURL).done(function(data) {
-                data.results.bindings.forEach(function(bindingObject) {
-                    var predicate = bindingObject.predicate.value;
-                    var objectValue = bindingObject.object.value;
-
-                    if (predicate === "http://www.w3.org/2004/02/skos/core#definition" ||
-                        predicate === "http://www.w3.org/2004/02/skos/core#scopeNote" ||
-                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote" ||
-                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote" ||
-                        predicate === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote" ||
-                        predicate === "http://www.w3.org/2004/02/skos/core#note") {
-                        getNote(objectValue, "note-generale");
-                    }
-                });
-            }).fail(function() {
+            //console.log("getDescription called with itemURI:", itemURI);
+            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <${escapeHtml(itemURI)}>`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+            //console.log("getDescription queryURL:", queryURL);
+
+            $.getJSON(queryURL).done(function (data) {
+                if (data.results && data.results.bindings) {
+                    data.results.bindings.forEach(function (bindingObject) {
+                        const predicate = bindingObject.predicate.value;
+                        const objectValue = bindingObject.object.value;
+
+                        if ([
+                            "http://www.w3.org/2004/02/skos/core#definition",
+                            "http://www.w3.org/2004/02/skos/core#scopeNote",
+                            "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote",
+                            "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote",
+                            "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote",
+                            "http://www.w3.org/2004/02/skos/core#note"
+                        ].includes(predicate)) {
+                            getNote(objectValue, "note-generale");
+                        }
+                    });
+                } else {
+                    console.error("Invalid data structure received.");
+                }
+            }).fail(function () {
                 // Handle error silently
             });
         }
 
         function getChildren(itemURI, childType) {
-            var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-            query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-            $.getJSON(queryURL).done(function(data) {
-                if (data.results.bindings.length > 0) {
-                    var list = $('<ul>').addClass('enfants');
-                    data.results.bindings.forEach(function(binding) {
-                        var childCode = escapeHtml(binding.code.value);
-                        var label = decodeHtml(escapeHtml(binding.label.value));
-                        var listItem = $('<li>');
-                        var link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).text(childCode + ' - ' + label);
+            //console.log("getChildren called with itemURI:", itemURI, "and childType:", childType);
+            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+                SELECT ?code ?label WHERE {
+                    <${escapeHtml(itemURI)}> skos:narrower ?child . 
+                    ?child skos:notation ?code ; skos:prefLabel ?label . 
+                    FILTER langMatches(lang(?label), 'fr') 
+                } ORDER BY ?code`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+            //console.log("getChildren queryURL:", queryURL);
+
+            $.getJSON(queryURL).done(function (data) {
+                if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
+                    const list = $('<ul>').addClass('enfants');
+                    data.results.bindings.forEach(function (binding) {
+                        const childCode = escapeHtml(binding.code.value);
+                        const label = escapeHtml(binding.label.value);
+                        const listItem = $('<li>');
+                        const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).html(`${childCode} - ${label}`);
                         listItem.append(link);
                         list.append(listItem);
                     });
                     $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
+                } else {
+                    $('#sous-items').empty(); // Modification: efface le contenu si aucune donnée n'est trouvée
+                    //console.log("No children found or invalid data structure received.");
                 }
-            }).fail(function() {
+            }).fail(function () {
                 // Handle error silently
+                //console.log("Failed to fetch children.");
             });
         }
 
-        function getURLParameter(name) {
-            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
-        }
-
         function getNote(uri, tag) {
-            var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-            var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            const query = `SELECT ?text WHERE { <${escapeHtml(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
 
-            $.getJSON(queryURL).done(function(data) {
-                if (data.results.bindings.length > 0) {
-                    var noteText = decodeHtml(escapeHtml(data.results.bindings[0].text.value.replace(regex, replacement)));
-                    $('#' + tag).append($('<div>').html(noteText.replace(/\\\$/g, "<br />"))).addClass(tag);
+            $.getJSON(queryURL).done(function (data) {
+                if (data.results && data.results.bindings && data.results.bindings[0] && data.results.bindings[0].text) {
+                    const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
+                    $(`#${tag}`).append($('<div>').text(noteText)).addClass(tag);
+                } else {
+                    console.error("Invalid data structure received.");
                 }
-            }).fail(function() {
+            }).fail(function () {
                 // Handle error silently
             });
         }
 
         function breadcrumbs(code, finalLink) {
-            var niveau;
-            if (code && code.length > 6) {
-                niveau = 'Produit détaillé ';
-            } else {
-                niveau = 'Produit agrégé ';
-            }
-            var name = escapeHtml(niveau + code);
-            var fin = finalLink
-                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(code)).attr('title', name).text(name))
+            const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
+            const name = escapeHtml(niveau + code);
+            const fin = finalLink
+                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(escapeHtml(code))).attr('title', escapeHtml(name)).text(name))
                 : $('<li>').text(name);
 
-            var html;
+            let html;
             if (code && code.length <= 6) {
                 html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
             } else if (code) {
-                html = breadcrumbs(getParentCode(code), true).append(fin);
+                html = $('<ul>').append(breadcrumbs(getParentCode(code), true)).append(fin);
             }
             return html;
         }
 
         function getParentCode(code) {
-            var codeParent;
             if (code && code.length > 6) {
-                codeParent = code.substr(0, parentLength[1]);
+                let codeParent = code.substr(0, parentLength[1]);
                 if (code.slice(-1).match(/[A-Z]/)) {
                     codeParent += code.slice(-1).toLowerCase();
                 }
@@ -172,7 +180,18 @@
             }
             return null;
         }
+
+        $(document).ready(function () {
+            const code = sanitizeAndValidateInput(getURLParameter('code'));
+            if (!code) {
+                $('#label').text("Code non trouvé");
+                return;
+            }
+            $('#fil-ariane').empty().append($('<ul>').append(breadcrumbs(code, false)));
+            getLabel(code);
+        });
     </script>
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://code.jquery.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://rdf.insee.fr; object-src 'none';">
 </head>
 <body>
     <div id="fil-ariane"></div>
diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index c97ae2d..e979739 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -1,61 +1,93 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2021</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2021";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2021</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Consultation - EAP 2021">
+    <title>Consultation - EAP 2021</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-1.11.1.min.js" integrity="sha256-VAvG3sHdS5LqTT+5A/aeq/bZGa/Uj04xKxY8KM/w9EE=" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2021";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        function escapeHtml(unsafe) {
+            return unsafe.replace(/[&<"'>]/g, function (m) {
+                return {
+                    '&': '&amp;',
+                    '<': '&lt;',
+                    '>': '&gt;',
+                    '"': '&quot;',
+                    "'": '&#039;'
+                }[m];
+            });
+        }
+
+        function validateData(data) {
+            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
+                return data.results.bindings.every(binding => {
+                    return binding.code && binding.code.value && typeof binding.code.value === 'string' &&
+                           binding.label && binding.label.value && typeof binding.label.value === 'string';
+                });
+            }
+            return false;
+        }
+
+        $(document).ready(function () {
+            const queryBase = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
+
+            function buildQuery(niveau) {
+                return `${queryBase} SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code`;
+            }
+
+            function handleData(data, containerId, title) {
+                if (validateData(data)) {
+                    let innerHTML = `<p class="nom-enfants">${escapeHtml(title)}</p><ul class="enfants">`;
+                    data.results.bindings.forEach(function (binding) {
+                        const childCode = escapeHtml(binding.code.value);
+                        const label = escapeHtml(binding.label.value);
+                        innerHTML += `<li><p><a href="display-item.htm?code=${childCode}">${childCode} - ${label}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    $(`#${containerId}`).html(innerHTML);
+                } else {
+                    console.error("Invalid data structure received.");
+                }
+            }
+
+            function fetchData(query, containerId, title) {
+                const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+                $.getJSON(queryURL).done(function (data) {
+                    handleData(data, containerId, title);
+                }).fail(function () {
+                    console.error("Erreur lors de la récupération des données");
+                });
+            }
+
+            const query1 = buildQuery(niveau);
+            fetchData(query1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = buildQuery(niveau2);
+            fetchData(query2, 'sous-items1', 'Liste des produits agrégés');
+        });
+    </script>
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://code.jquery.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://rdf.insee.fr; object-src 'none';">
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2021</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+</body>
 </html>

From 3008a8ad80fa42087ee4e1ef8d74815da250c815 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Wed, 7 Aug 2024 10:41:50 +0200
Subject: [PATCH 09/20] update display-item eap2021

---
 pages/common/eap2021/display-item.htm | 212 ++++++++++++++------------
 1 file changed, 116 insertions(+), 96 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 35fd2fd..de5c686 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -32,47 +32,52 @@
             return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
         }
 
-        function getURLParameter(name) {
-            return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
-        }
-
-        function validateData(data, requiredVars) {
-            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
-                return data.results.bindings.every(binding => {
-                    return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
-                });
+		function getURLParameter(name) {
+    const param = decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
+    if (param && /^[A-Za-z0-9\-]+$/.test(param)) {  // Added regex validation
+        return param;
+    }
+    return null;
+}
+
+		function validateData(data, requiredVars) {
+    if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
+        return data.results.bindings.every(binding => {
+            return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
+        });
+    }
+    return false;
+}
+
+function getLabel(code) {
+    //console.log("getLabel called with code:", code);
+    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+        SELECT ?uri ?label WHERE {
+            GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
+                FILTER langMatches(lang(?label), 'fr')
             }
-            return false;
+        }`;
+    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+    //console.log("getLabel queryURL:", queryURL);
+
+    $.getJSON(queryURL).done(function (data) {
+        if (validateData(data, ['uri', 'label'])) {
+            const itemURI = escapeHtml(data.results.bindings[0].uri.value);
+            $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
+            if (code.length > 6) {
+                getDescription(itemURI);
+            }
+            const childTypeIndex = (code.length === 6 ? 1 : 0);
+            getChildren(itemURI, itemTypes[childTypeIndex]);
+        } else {
+            $('#label').text("Code non trouvé");
         }
+    }).fail(function () {
+        $('#label').text("Erreur lors de la récupération des données");
+    });
+}
 
-        function getLabel(code) {
-            //console.log("getLabel called with code:", code);
-            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
-                SELECT ?uri ?label WHERE {
-                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
-                        ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
-                        FILTER langMatches(lang(?label), 'fr')
-                    }
-                }`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-            //console.log("getLabel queryURL:", queryURL);
-
-            $.getJSON(queryURL).done(function (data) {
-                if (validateData(data, ['uri', 'label'])) {
-                    const itemURI = escapeHtml(data.results.bindings[0].uri.value);
-                    $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
-                    if (code.length > 6) {
-                        getDescription(itemURI);
-                    }
-                    const childTypeIndex = (code.length === 6 ? 1 : 0);
-                    getChildren(itemURI, itemTypes[childTypeIndex]);
-                } else {
-                    $('#label').text("Code non trouvé");
-                }
-            }).fail(function () {
-                $('#label').text("Erreur lors de la récupération des données");
-            });
-        }
 
         function getDescription(itemURI) {
             //console.log("getDescription called with itemURI:", itemURI);
@@ -105,70 +110,85 @@
             });
         }
 
-        function getChildren(itemURI, childType) {
-            //console.log("getChildren called with itemURI:", itemURI, "and childType:", childType);
-            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
-                SELECT ?code ?label WHERE {
-                    <${escapeHtml(itemURI)}> skos:narrower ?child . 
-                    ?child skos:notation ?code ; skos:prefLabel ?label . 
-                    FILTER langMatches(lang(?label), 'fr') 
-                } ORDER BY ?code`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-            //console.log("getChildren queryURL:", queryURL);
-
-            $.getJSON(queryURL).done(function (data) {
-                if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
-                    const list = $('<ul>').addClass('enfants');
-                    data.results.bindings.forEach(function (binding) {
-                        const childCode = escapeHtml(binding.code.value);
-                        const label = escapeHtml(binding.label.value);
-                        const listItem = $('<li>');
-                        const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).html(`${childCode} - ${label}`);
-                        listItem.append(link);
-                        list.append(listItem);
-                    });
-                    $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
-                } else {
-                    $('#sous-items').empty(); // Modification: efface le contenu si aucune donnée n'est trouvée
-                    //console.log("No children found or invalid data structure received.");
-                }
-            }).fail(function () {
-                // Handle error silently
-                //console.log("Failed to fetch children.");
+		function getChildren(itemURI, childType) {
+    //console.log("getChildren called with itemURI:", itemURI, "and childType:", childType);
+    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+        SELECT ?code ?label WHERE {
+            <${escapeHtml(itemURI)}> skos:narrower ?child . 
+            ?child skos:notation ?code ; skos:prefLabel ?label . 
+            FILTER langMatches(lang(?label), 'fr') 
+        } ORDER BY ?code`;
+    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+    //console.log("getChildren queryURL:", queryURL);
+
+    $.getJSON(queryURL).done(function (data) {
+        if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
+            const list = $('<ul>').addClass('enfants');
+            data.results.bindings.forEach(function (binding) {
+                const childCode = escapeHtml(binding.code.value);
+                const label = binding.label.value;
+                const listItem = $('<li>');
+                const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).text(`${childCode} - ${label}`);
+                listItem.append(link);
+                list.append(listItem);
             });
+            $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
+        } else {
+            $('#sous-items').empty();
+            //console.log("No children found or invalid data structure received.");
         }
+    }).fail(function () {
+        //console.log("Failed to fetch children.");
+    });
+}
 
-        function getNote(uri, tag) {
-            const query = `SELECT ?text WHERE { <${escapeHtml(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
 
-            $.getJSON(queryURL).done(function (data) {
-                if (data.results && data.results.bindings && data.results.bindings[0] && data.results.bindings[0].text) {
-                    const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
-                    $(`#${tag}`).append($('<div>').text(noteText)).addClass(tag);
-                } else {
-                    console.error("Invalid data structure received.");
-                }
-            }).fail(function () {
-                // Handle error silently
-            });
-        }
 
-        function breadcrumbs(code, finalLink) {
-            const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
-            const name = escapeHtml(niveau + code);
-            const fin = finalLink
-                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(escapeHtml(code))).attr('title', escapeHtml(name)).text(name))
-                : $('<li>').text(name);
-
-            let html;
-            if (code && code.length <= 6) {
-                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
-            } else if (code) {
-                html = $('<ul>').append(breadcrumbs(getParentCode(code), true)).append(fin);
-            }
-            return html;
+
+
+function getNote(uri, tag) {
+    // Échappement de l'URI
+    const sanitizedUri = escapeHtml(uri);
+
+    const query = `SELECT ?text WHERE { <${sanitizedUri}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
+    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
+
+    $.getJSON(queryURL).done(function (data) {
+        // Validation des données de retour
+        if (data.results && data.results.bindings && Array.isArray(data.results.bindings) && data.results.bindings[0] && data.results.bindings[0].text) {
+            const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
+            // Manipulation sécurisée du DOM
+            $(`#${escapeHtml(tag)}`).append($('<div>').text(noteText)).addClass(tag);
+        } else {
+            console.error("Invalid data structure received.");
         }
+    }).fail(function () {
+        console.error("Failed to fetch note.");
+    });
+}
+
+
+
+function breadcrumbs(code, finalLink) {
+    const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
+    const name = escapeHtml(niveau + code);
+    const sanitizedCode = escapeHtml(code);  // Added sanitation
+
+    const fin = finalLink
+        ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(sanitizedCode)).attr('title', name).text(name))
+        : $('<li>').text(name);
+
+    let html;
+    if (code && code.length <= 6) {
+        html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
+    } else if (code) {
+        html = $('<ul>').append(breadcrumbs(getParentCode(sanitizedCode), true)).append(fin);
+    }
+    return html;
+}
+
+
+
 
         function getParentCode(code) {
             if (code && code.length > 6) {

From 8ecd7e0b24e88f389cd64d83ca86dde96995bf17 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Wed, 7 Aug 2024 11:22:06 +0200
Subject: [PATCH 10/20] update $getJson to fetch

---
 pages/common/eap2021/display-item.htm | 280 +++++++++++++-------------
 1 file changed, 142 insertions(+), 138 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index de5c686..d6b3752 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -6,7 +6,7 @@
     <meta name="description" content="EAP - consultation">
     <title>EAP - consultation</title>
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
-    <script src="https://code.jquery.com/jquery-1.11.1.min.js" integrity="sha256-VAvG3sHdS5LqTT+5A/aeq/bZGa/Uj04xKxY8KM/w9EE=" crossorigin="anonymous"></script>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
     <script>
         const endpointURL = "https://rdf.insee.fr/sparql";
         const racine = "http://id.insee.fr/codes/";
@@ -32,163 +32,167 @@
             return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
         }
 
-		function getURLParameter(name) {
-    const param = decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
-    if (param && /^[A-Za-z0-9\-]+$/.test(param)) {  // Added regex validation
-        return param;
-    }
-    return null;
-}
-
-		function validateData(data, requiredVars) {
-    if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
-        return data.results.bindings.every(binding => {
-            return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
-        });
-    }
-    return false;
-}
-
-function getLabel(code) {
-    //console.log("getLabel called with code:", code);
-    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
-        SELECT ?uri ?label WHERE {
-            GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
-                ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
-                FILTER langMatches(lang(?label), 'fr')
-            }
-        }`;
-    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-    //console.log("getLabel queryURL:", queryURL);
-
-    $.getJSON(queryURL).done(function (data) {
-        if (validateData(data, ['uri', 'label'])) {
-            const itemURI = escapeHtml(data.results.bindings[0].uri.value);
-            $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
-            if (code.length > 6) {
-                getDescription(itemURI);
+        function getURLParameter(name) {
+            const param = decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
+            if (param && /^[A-Za-z0-9\-]+$/.test(param)) {
+                return param;
             }
-            const childTypeIndex = (code.length === 6 ? 1 : 0);
-            getChildren(itemURI, itemTypes[childTypeIndex]);
-        } else {
-            $('#label').text("Code non trouvé");
+            return null;
         }
-    }).fail(function () {
-        $('#label').text("Erreur lors de la récupération des données");
-    });
-}
 
+        function validateData(data, requiredVars) {
+            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
+                return data.results.bindings.every(binding => {
+                    return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
+                });
+            }
+            return false;
+        }
 
-        function getDescription(itemURI) {
-            //console.log("getDescription called with itemURI:", itemURI);
-            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <${escapeHtml(itemURI)}>`;
+        function getLabel(code) {
+            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
+                        FILTER langMatches(lang(?label), 'fr')
+                    }
+                }`;
             const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-            //console.log("getDescription queryURL:", queryURL);
-
-            $.getJSON(queryURL).done(function (data) {
-                if (data.results && data.results.bindings) {
-                    data.results.bindings.forEach(function (bindingObject) {
-                        const predicate = bindingObject.predicate.value;
-                        const objectValue = bindingObject.object.value;
-
-                        if ([
-                            "http://www.w3.org/2004/02/skos/core#definition",
-                            "http://www.w3.org/2004/02/skos/core#scopeNote",
-                            "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote",
-                            "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote",
-                            "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote",
-                            "http://www.w3.org/2004/02/skos/core#note"
-                        ].includes(predicate)) {
-                            getNote(objectValue, "note-generale");
-                        }
-                    });
+
+            fetch(queryURL, {
+                headers: {
+                    'Accept': 'application/sparql-results+json'
+                }
+            })
+            .then(response => response.json())
+            .then(data => {
+                if (validateData(data, ['uri', 'label'])) {
+                    const itemURI = escapeHtml(data.results.bindings[0].uri.value);
+                    $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    }
+                    const childTypeIndex = (code.length === 6 ? 1 : 0);
+                    getChildren(itemURI, itemTypes[childTypeIndex]);
                 } else {
-                    console.error("Invalid data structure received.");
+                    $('#label').text("Code non trouvé");
                 }
-            }).fail(function () {
-                // Handle error silently
+            })
+            .catch(() => {
+                $('#label').text("Erreur lors de la récupération des données");
             });
         }
 
-		function getChildren(itemURI, childType) {
-    //console.log("getChildren called with itemURI:", itemURI, "and childType:", childType);
-    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
-        SELECT ?code ?label WHERE {
-            <${escapeHtml(itemURI)}> skos:narrower ?child . 
-            ?child skos:notation ?code ; skos:prefLabel ?label . 
-            FILTER langMatches(lang(?label), 'fr') 
-        } ORDER BY ?code`;
+		function getDescription(itemURI) {
+    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <${escapeHtml(itemURI)}>`;
     const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-    //console.log("getChildren queryURL:", queryURL);
-
-    $.getJSON(queryURL).done(function (data) {
-        if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
-            const list = $('<ul>').addClass('enfants');
-            data.results.bindings.forEach(function (binding) {
-                const childCode = escapeHtml(binding.code.value);
-                const label = binding.label.value;
-                const listItem = $('<li>');
-                const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).text(`${childCode} - ${label}`);
-                listItem.append(link);
-                list.append(listItem);
-            });
-            $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
-        } else {
-            $('#sous-items').empty();
-            //console.log("No children found or invalid data structure received.");
-        }
-    }).fail(function () {
-        //console.log("Failed to fetch children.");
-    });
-}
 
-
-
-
-
-function getNote(uri, tag) {
-    // Échappement de l'URI
-    const sanitizedUri = escapeHtml(uri);
-
-    const query = `SELECT ?text WHERE { <${sanitizedUri}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
-    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-
-    $.getJSON(queryURL).done(function (data) {
-        // Validation des données de retour
-        if (data.results && data.results.bindings && Array.isArray(data.results.bindings) && data.results.bindings[0] && data.results.bindings[0].text) {
-            const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
-            // Manipulation sécurisée du DOM
-            $(`#${escapeHtml(tag)}`).append($('<div>').text(noteText)).addClass(tag);
-        } else {
-            console.error("Invalid data structure received.");
-        }
-    }).fail(function () {
-        console.error("Failed to fetch note.");
-    });
+    fetch(queryURL)
+        .then(response => response.text())  // Changez response.json() en response.text() car DESCRIBE peut retourner du RDF
+        .then(data => {
+            // Analyser et traiter les données RDF ici
+            const parser = new DOMParser();
+            const xmlDoc = parser.parseFromString(data, "application/xml");
+            // Parcourir le document XML pour trouver les notes
+            const bindings = xmlDoc.getElementsByTagName("binding");
+            for (let i = 0; i < bindings.length; i++) {
+                const binding = bindings[i];
+                const predicate = binding.getElementsByTagName("predicate")[0].textContent;
+                const object = binding.getElementsByTagName("object")[0].textContent;
+
+                if ([
+                    "http://www.w3.org/2004/02/skos/core#definition",
+                    "http://www.w3.org/2004/02/skos/core#scopeNote",
+                    "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote",
+                    "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote",
+                    "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote",
+                    "http://www.w3.org/2004/02/skos/core#note"
+                ].includes(predicate)) {
+                    getNote(object, "note-generale");
+                }
+            }
+        })
+        .catch(() => {
+            console.error("Failed to fetch description.");
+        });
 }
 
+        function getChildren(itemURI, childType) {
+            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+                SELECT ?code ?label WHERE {
+                    <${escapeHtml(itemURI)}> skos:narrower ?child . 
+                    ?child skos:notation ?code ; skos:prefLabel ?label . 
+                    FILTER langMatches(lang(?label), 'fr') 
+                } ORDER BY ?code`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
 
+            fetch(queryURL, {
+                headers: {
+                    'Accept': 'application/sparql-results+json'
+                }
+            })
+            .then(response => response.json())
+            .then(data => {
+                if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
+                    const list = $('<ul>').addClass('enfants');
+                    data.results.bindings.forEach(function (binding) {
+                        const childCode = escapeHtml(binding.code.value);
+                        const label = escapeHtml(binding.label.value);
+                        const listItem = $('<li>');
+                        const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).html(`${childCode} - ${label}`);
+                        listItem.append(link);
+                        list.append(listItem);
+                    });
+                    $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
+                } else {
+                    $('#sous-items').empty();
+                }
+            })
+            .catch(() => {
+                console.error("Failed to fetch children.");
+            });
+        }
 
-function breadcrumbs(code, finalLink) {
-    const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
-    const name = escapeHtml(niveau + code);
-    const sanitizedCode = escapeHtml(code);  // Added sanitation
-
-    const fin = finalLink
-        ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(sanitizedCode)).attr('title', name).text(name))
-        : $('<li>').text(name);
+        function getNote(uri, tag) {
+            const query = `SELECT ?text WHERE { <${escapeHtml(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
 
-    let html;
-    if (code && code.length <= 6) {
-        html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
-    } else if (code) {
-        html = $('<ul>').append(breadcrumbs(getParentCode(sanitizedCode), true)).append(fin);
-    }
-    return html;
-}
+            fetch(queryURL, {
+                headers: {
+                    'Accept': 'application/sparql-results+json'
+                }
+            })
+            .then(response => response.json())
+            .then(data => {
+                if (data.results && data.results.bindings && Array.isArray(data.results.bindings) && data.results.bindings[0] && data.results.bindings[0].text) {
+                    const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
+                    $(`#${escapeHtml(tag)}`).append($('<div>').text(noteText)).addClass(tag);
+                } else {
+                    console.error("Invalid data structure received.");
+                }
+            })
+            .catch(() => {
+                console.error("Failed to fetch note.");
+            });
+        }
 
+        function breadcrumbs(code, finalLink) {
+            const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
+            const name = escapeHtml(niveau + code);
+            const sanitizedCode = escapeHtml(code);
 
+            const fin = finalLink
+                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(sanitizedCode)).attr('title', escapeHtml(name)).text(name))
+                : $('<li>').text(name);
 
+            let html;
+            if (code && code.length <= 6) {
+                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
+            } else if (code) {
+                html = $('<ul>').append(breadcrumbs(getParentCode(sanitizedCode), true)).append(fin);
+            }
+            return html;
+        }
 
         function getParentCode(code) {
             if (code && code.length > 6) {

From 198007ca61a15eec9750bea6f7738d011781c340 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 12:07:00 +0200
Subject: [PATCH 11/20] update eap2021

---
 pages/common/eap2021/display-item.htm | 314 ++++++++++++--------------
 pages/common/eap2021/eap.htm          | 123 +++++-----
 2 files changed, 208 insertions(+), 229 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index d6b3752..7aa3bf1 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -1,203 +1,189 @@
 <!DOCTYPE html>
-<html lang="fr">
+<html>
 <head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="EAP - consultation">
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
     <title>EAP - consultation</title>
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
-    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
     <script>
         const endpointURL = "https://rdf.insee.fr/sparql";
         const racine = "http://id.insee.fr/codes/";
         const nomenclature = "eap2021";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
         const replacement = 'display-item.htm?code=';
         const itemTypes = ['Produit', 'produit'];
         const parentLength = [0, 4];
 
-        function escapeHtml(unsafe) {
-            return unsafe.replace(/[&<"'>]/g, function (m) {
-                return {
-                    '&': '&amp;',
-                    '<': '&lt;',
-                    '>': '&gt;',
-                    '"': '&quot;',
-                    "'": '&#039;'
-                }[m];
-            });
-        }
-
-        function sanitizeAndValidateInput(input) {
-            const sanitized = input ? input.replace(/[^a-zA-Z0-9]/g, '') : '';
-            return sanitized.match(/^[A-Za-z0-9]{1,10}$/) ? sanitized : null;
-        }
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = encodeHTML(getURLParameter('code'));
+            document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+            getLabel(code);
+        });
 
-        function getURLParameter(name) {
-            const param = decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || ["", ""])[1].replace(/\+/g, '%20')) || null;
-            if (param && /^[A-Za-z0-9\-]+$/.test(param)) {
-                return param;
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
             }
-            return null;
         }
 
-        function validateData(data, requiredVars) {
-            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
-                return data.results.bindings.every(binding => {
-                    return requiredVars.every(varName => binding[varName] && binding[varName].value && typeof binding[varName].value === 'string');
-                });
-            }
-            return false;
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
         }
 
-        function getLabel(code) {
-            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
                 SELECT ?uri ?label WHERE {
                     GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
-                        ?uri skos:prefLabel ?label ; skos:notation '${escapeHtml(code)}'.
-                        FILTER langMatches(lang(?label), 'fr')
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
                     }
-                }`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-
-            fetch(queryURL, {
-                headers: {
-                    'Accept': 'application/sparql-results+json'
                 }
-            })
-            .then(response => response.json())
-            .then(data => {
-                if (validateData(data, ['uri', 'label'])) {
-                    const itemURI = escapeHtml(data.results.bindings[0].uri.value);
-                    $('#label').html(`${escapeHtml(code)} - ${escapeHtml(data.results.bindings[0].label.value)}`);
-                    if (code.length > 6) {
-                        getDescription(itemURI);
-                    }
-                    const childTypeIndex = (code.length === 6 ? 1 : 0);
-                    getChildren(itemURI, itemTypes[childTypeIndex]);
-                } else {
-                    $('#label').text("Code non trouvé");
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').innerHTML = `${encodeHTML(code)} - ${encodeHTML(data.results.bindings[0].label.value)}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
                 }
-            })
-            .catch(() => {
-                $('#label').text("Erreur lors de la récupération des données");
-            });
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
         }
 
-		function getDescription(itemURI) {
-    const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <${escapeHtml(itemURI)}>`;
-    const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-
-    fetch(queryURL)
-        .then(response => response.text())  // Changez response.json() en response.text() car DESCRIBE peut retourner du RDF
-        .then(data => {
-            // Analyser et traiter les données RDF ici
-            const parser = new DOMParser();
-            const xmlDoc = parser.parseFromString(data, "application/xml");
-            // Parcourir le document XML pour trouver les notes
-            const bindings = xmlDoc.getElementsByTagName("binding");
-            for (let i = 0; i < bindings.length; i++) {
-                const binding = bindings[i];
-                const predicate = binding.getElementsByTagName("predicate")[0].textContent;
-                const object = binding.getElementsByTagName("object")[0].textContent;
-
-                if ([
-                    "http://www.w3.org/2004/02/skos/core#definition",
-                    "http://www.w3.org/2004/02/skos/core#scopeNote",
-                    "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote",
-                    "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote",
-                    "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote",
-                    "http://www.w3.org/2004/02/skos/core#note"
-                ].includes(predicate)) {
-                    getNote(object, "note-generale");
-                }
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
             }
-        })
-        .catch(() => {
-            console.error("Failed to fetch description.");
-        });
-}
+        }
 
-        function getChildren(itemURI, childType) {
-            const query = `PREFIX skos:<http://www.w3.org/2004/02/skos/core#> 
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
                 SELECT ?code ?label WHERE {
-                    <${escapeHtml(itemURI)}> skos:narrower ?child . 
-                    ?child skos:notation ?code ; skos:prefLabel ?label . 
-                    FILTER langMatches(lang(?label), 'fr') 
-                } ORDER BY ?code`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-
-            fetch(queryURL, {
-                headers: {
-                    'Accept': 'application/sparql-results+json'
-                }
-            })
-            .then(response => response.json())
-            .then(data => {
-                if (validateData(data, ['code', 'label']) && data.results.bindings.length > 0) {
-                    const list = $('<ul>').addClass('enfants');
-                    data.results.bindings.forEach(function (binding) {
-                        const childCode = escapeHtml(binding.code.value);
-                        const label = escapeHtml(binding.label.value);
-                        const listItem = $('<li>');
-                        const link = $('<a>').attr('href', replacement + encodeURIComponent(childCode)).html(`${childCode} - ${label}`);
-                        listItem.append(link);
-                        list.append(listItem);
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
                     });
-                    $('#sous-items').empty().append($('<p>').addClass('nom-enfants').text('Liste des produits détaillés')).append(list).addClass("sous-items");
-                } else {
-                    $('#sous-items').empty();
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
                 }
-            })
-            .catch(() => {
-                console.error("Failed to fetch children.");
-            });
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
         }
 
-        function getNote(uri, tag) {
-            const query = `SELECT ?text WHERE { <${escapeHtml(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }`;
-            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-
-            fetch(queryURL, {
-                headers: {
-                    'Accept': 'application/sparql-results+json'
-                }
-            })
-            .then(response => response.json())
-            .then(data => {
-                if (data.results && data.results.bindings && Array.isArray(data.results.bindings) && data.results.bindings[0] && data.results.bindings[0].text) {
-                    const noteText = escapeHtml(data.results.bindings[0].text.value.replace(/\\/g, "\n"));
-                    $(`#${escapeHtml(tag)}`).append($('<div>').text(noteText)).addClass(tag);
-                } else {
-                    console.error("Invalid data structure received.");
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
                 }
-            })
-            .catch(() => {
-                console.error("Failed to fetch note.");
-            });
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
         }
 
-        function breadcrumbs(code, finalLink) {
-            const niveau = code && code.length > 6 ? 'Produit détaillé ' : 'Produit agrégé ';
-            const name = escapeHtml(niveau + code);
-            const sanitizedCode = escapeHtml(code);
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-            const fin = finalLink
-                ? $('<li>').append($('<a>').attr('href', replacement + encodeURIComponent(sanitizedCode)).attr('title', escapeHtml(name)).text(name))
-                : $('<li>').text(name);
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-            let html;
             if (code && code.length <= 6) {
-                html = $('<ul>').append($('<li>').append($('<a>').attr('href', 'eap.htm').attr('title', 'Accueil').text(escapeHtml(nomenclature.toUpperCase())))).append(fin);
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
             } else if (code) {
-                html = $('<ul>').append(breadcrumbs(getParentCode(sanitizedCode), true)).append(fin);
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
             }
-            return html;
+            return '';
         }
 
         function getParentCode(code) {
             if (code && code.length > 6) {
                 let codeParent = code.substr(0, parentLength[1]);
-                if (code.slice(-1).match(/[A-Z]/)) {
+                if (/[A-Z]/.test(code.slice(-1))) {
                     codeParent += code.slice(-1).toLowerCase();
                 }
                 return codeParent;
@@ -205,17 +191,15 @@
             return null;
         }
 
-        $(document).ready(function () {
-            const code = sanitizeAndValidateInput(getURLParameter('code'));
-            if (!code) {
-                $('#label').text("Code non trouvé");
-                return;
-            }
-            $('#fil-ariane').empty().append($('<ul>').append(breadcrumbs(code, false)));
-            getLabel(code);
-        });
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
     </script>
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://code.jquery.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://rdf.insee.fr; object-src 'none';">
 </head>
 <body>
     <div id="fil-ariane"></div>
diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index e979739..a241fc2 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -1,12 +1,10 @@
 <!DOCTYPE html>
-<html lang="fr">
+<html>
 <head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="Consultation - EAP 2021">
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
     <title>Consultation - EAP 2021</title>
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
-    <script src="https://code.jquery.com/jquery-1.11.1.min.js" integrity="sha256-VAvG3sHdS5LqTT+5A/aeq/bZGa/Uj04xKxY8KM/w9EE=" crossorigin="anonymous"></script>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
     <script>
         const endpointURL = "https://rdf.insee.fr/sparql";
         const racine = "http://id.insee.fr/codes/";
@@ -14,73 +12,70 @@
         const niveau = "produits";
         const niveau2 = "produitsAgreges";
 
-        function escapeHtml(unsafe) {
-            return unsafe.replace(/[&<"'>]/g, function (m) {
-                return {
-                    '&': '&amp;',
-                    '<': '&lt;',
-                    '>': '&gt;',
-                    '"': '&quot;',
-                    "'": '&#039;'
-                }[m];
-            });
-        }
-
-        function validateData(data) {
-            if (data && data.results && data.results.bindings && Array.isArray(data.results.bindings)) {
-                return data.results.bindings.every(binding => {
-                    return binding.code && binding.code.value && typeof binding.code.value === 'string' &&
-                           binding.label && binding.label.value && typeof binding.label.value === 'string';
-                });
-            }
-            return false;
-        }
-
-        $(document).ready(function () {
-            const queryBase = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    let innerHTML = `<p class="nom-enfants">${title}</p><ul class="enfants">`;
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="display-item.htm?code=${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    document.getElementById(elementId).innerHTML = innerHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
 
-            function buildQuery(niveau) {
-                return `${queryBase} SELECT ?code ?label WHERE {
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
                     GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
-                        ?uri skos:prefLabel ?label ; skos:notation ?code .
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
                         <${racine}${nomenclature}/${niveau}> skos:member ?uri .
                         FILTER langMatches(lang(?label), "fr")
                     }
-                } ORDER BY ?code`;
-            }
-
-            function handleData(data, containerId, title) {
-                if (validateData(data)) {
-                    let innerHTML = `<p class="nom-enfants">${escapeHtml(title)}</p><ul class="enfants">`;
-                    data.results.bindings.forEach(function (binding) {
-                        const childCode = escapeHtml(binding.code.value);
-                        const label = escapeHtml(binding.label.value);
-                        innerHTML += `<li><p><a href="display-item.htm?code=${childCode}">${childCode} - ${label}</a></p></li>`;
-                    });
-                    innerHTML += '</ul>';
-                    $(`#${containerId}`).html(innerHTML);
-                } else {
-                    console.error("Invalid data structure received.");
-                }
-            }
-
-            function fetchData(query, containerId, title) {
-                const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
-                $.getJSON(queryURL).done(function (data) {
-                    handleData(data, containerId, title);
-                }).fail(function () {
-                    console.error("Erreur lors de la récupération des données");
-                });
-            }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
 
-            const query1 = buildQuery(niveau);
-            fetchData(query1, 'sous-items2', 'Liste des produits détaillés');
-
-            const query2 = buildQuery(niveau2);
-            fetchData(query2, 'sous-items1', 'Liste des produits agrégés');
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
         });
+
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
     </script>
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://code.jquery.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://rdf.insee.fr; object-src 'none';">
 </head>
 <body>
     <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>

From 5176a41c01263816d608134e92aab580d7974c5f Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 13:46:03 +0200
Subject: [PATCH 12/20] up eap 2021

---
 pages/common/eap2021/display-item.htm | 15 ++++--
 pages/common/eap2021/eap.htm          | 68 ++++++++++++++++++---------
 2 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/pages/common/eap2021/display-item.htm b/pages/common/eap2021/display-item.htm
index 7aa3bf1..ddcc3d6 100644
--- a/pages/common/eap2021/display-item.htm
+++ b/pages/common/eap2021/display-item.htm
@@ -15,9 +15,11 @@
         const parentLength = [0, 4];
 
         document.addEventListener("DOMContentLoaded", function() {
-            const code = encodeHTML(getURLParameter('code'));
-            document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
-            getLabel(code);
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
         });
 
         async function fetchData(query, type = "json") {
@@ -77,7 +79,7 @@
             try {
                 const data = await fetchData(query);
                 const itemURI = data.results.bindings[0].uri.value;
-                document.getElementById('label').innerHTML = `${encodeHTML(code)} - ${encodeHTML(data.results.bindings[0].label.value)}`;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
                 if (code.length > 6) {
                     getDescription(itemURI);
                 }
@@ -199,6 +201,11 @@
                       .replace(/"/g, '&quot;')
                       .replace(/'/g, '&#39;');
         }
+
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
     </script>
 </head>
 <body>
diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index a241fc2..1eca6c0 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -5,6 +5,26 @@
     <title>Consultation - EAP 2021</title>
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
     <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2021</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
     <script>
         const endpointURL = "https://rdf.insee.fr/sparql";
         const racine = "http://id.insee.fr/codes/";
@@ -26,14 +46,18 @@
                     return response.json();
                 })
                 .then(data => {
-                    let innerHTML = `<p class="nom-enfants">${title}</p><ul class="enfants">`;
-                    data.results.bindings.forEach(item => {
-                        const childCode = encodeHTML(item.code.value);
-                        const childLabel = encodeHTML(item.label.value);
-                        innerHTML += `<li><p><a href="display-item.htm?code=${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
-                    });
-                    innerHTML += '</ul>';
-                    document.getElementById(elementId).innerHTML = innerHTML;
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: title,
+                        items: data.results.bindings.map(item => ({
+                            code: item.code.value,
+                            label: item.label.value
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = template(context);
                 })
                 .catch(error => console.error('Error fetching data:', error));
             };
@@ -67,22 +91,20 @@
             fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
         });
 
-        // Encode HTML entities to prevent XSS
-        function encodeHTML(str) {
-            return str.replace(/&/g, '&amp;')
-                      .replace(/</g, '&lt;')
-                      .replace(/>/g, '&gt;')
-                      .replace(/"/g, '&quot;')
-                      .replace(/'/g, '&#39;');
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+
+        // Sanitize input to prevent XSS and other injections
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_ ]/g, '') : '';
         }
     </script>
-</head>
-<body>
-    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
-    <div class="note-generale">
-        <p>Liste des produits de l'Enquête Annuelle de Production 2021</p>
-    </div>
-    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
 </body>
 </html>

From 4f510fd9ef8c4b831e0d066dc9179f8b1ae9b23f Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 14:02:58 +0200
Subject: [PATCH 13/20] Update eap.htm

---
 pages/common/eap2021/eap.htm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index 1eca6c0..6d6ee45 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -17,10 +17,10 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
 
     <!-- Template for items -->
     <script id="items-template" type="text/x-handlebars-template">
-        <p class="nom-enfants">{{title}}</p>
+        <p class="nom-enfants">{{sanitize title}}</p>
         <ul class="enfants">
         {{#each items}}
-            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{code}} - {{label}}</a></p></li>
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
         {{/each}}
         </ul>
     </script>

From 7e60c61a2915fe7727818dd6c7b878676f0c8d8c Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 14:21:55 +0200
Subject: [PATCH 14/20] Update eap.htm

---
 pages/common/eap2021/eap.htm | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index 6d6ee45..03669fc 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -32,6 +32,21 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
         const niveau = "produits";
         const niveau2 = "produitsAgreges";
 
+        function escapeHTML(str) {
+            return str.replace(/[&<>"'`=\/]/g, function(s) {
+                return {
+                    '&': '&amp;',
+                    '<': '&lt;',
+                    '>': '&gt;',
+                    '"': '&quot;',
+                    "'": '&#39;',
+                    '/': '&#x2F;',
+                    '`': '&#x60;',
+                    '=': '&#x3D;'
+                }[s];
+            });
+        }
+
         document.addEventListener("DOMContentLoaded", function() {
             const fetchData = (queryURL, elementId, title) => {
                 fetch(queryURL, {
@@ -46,15 +61,17 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
                     return response.json();
                 })
                 .then(data => {
+                    const sanitizedItems = data.results.bindings.map(item => ({
+                        code: escapeHTML(item.code.value),
+                        label: escapeHTML(item.label.value)
+                    }));
+
                     const templateSource = document.getElementById('items-template').innerHTML;
                     const template = Handlebars.compile(templateSource);
 
                     const context = {
-                        title: title,
-                        items: data.results.bindings.map(item => ({
-                            code: item.code.value,
-                            label: item.label.value
-                        }))
+                        title: escapeHTML(title),
+                        items: sanitizedItems
                     };
 
                     document.getElementById(elementId).innerHTML = template(context);
@@ -100,11 +117,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
         Handlebars.registerHelper('sanitize', function(context) {
             return Handlebars.escapeExpression(context);
         });
-
-        // Sanitize input to prevent XSS and other injections
-        function sanitizeInput(input) {
-            return input ? input.replace(/[^a-zA-Z0-9-_ ]/g, '') : '';
-        }
     </script>
 </body>
 </html>

From 6977a695d21316738d681997f9f151e1a6d53812 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 14:38:28 +0200
Subject: [PATCH 15/20] Add dompurify

---
 pages/common/eap2021/eap.htm | 30 +++++++-----------------------
 1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/pages/common/eap2021/eap.htm b/pages/common/eap2021/eap.htm
index 03669fc..59157bb 100644
--- a/pages/common/eap2021/eap.htm
+++ b/pages/common/eap2021/eap.htm
@@ -6,6 +6,7 @@
     <link href="../commun.css" rel="stylesheet" type="text/css"/>
     <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
     <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
 </head>
 <body>
     <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
@@ -32,21 +33,6 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
         const niveau = "produits";
         const niveau2 = "produitsAgreges";
 
-        function escapeHTML(str) {
-            return str.replace(/[&<>"'`=\/]/g, function(s) {
-                return {
-                    '&': '&amp;',
-                    '<': '&lt;',
-                    '>': '&gt;',
-                    '"': '&quot;',
-                    "'": '&#39;',
-                    '/': '&#x2F;',
-                    '`': '&#x60;',
-                    '=': '&#x3D;'
-                }[s];
-            });
-        }
-
         document.addEventListener("DOMContentLoaded", function() {
             const fetchData = (queryURL, elementId, title) => {
                 fetch(queryURL, {
@@ -61,20 +47,18 @@ <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP)
                     return response.json();
                 })
                 .then(data => {
-                    const sanitizedItems = data.results.bindings.map(item => ({
-                        code: escapeHTML(item.code.value),
-                        label: escapeHTML(item.label.value)
-                    }));
-
                     const templateSource = document.getElementById('items-template').innerHTML;
                     const template = Handlebars.compile(templateSource);
 
                     const context = {
-                        title: escapeHTML(title),
-                        items: sanitizedItems
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
                     };
 
-                    document.getElementById(elementId).innerHTML = template(context);
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
                 })
                 .catch(error => console.error('Error fetching data:', error));
             };

From fa722f96c2a29b250be06dfa72b769a8fde98475 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 17:15:44 +0200
Subject: [PATCH 16/20] update eap and test emb

---
 pages/common/eap2017/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2017/eap.htm          | 161 ++++++----
 pages/common/eap2018/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2018/eap.htm          | 161 ++++++----
 pages/common/eap2019/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2019/eap.htm          | 161 ++++++----
 pages/common/eap2020/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2020/eap.htm          | 161 ++++++----
 pages/common/eap2022/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2022/eap.htm          | 161 ++++++----
 pages/common/eap2023/display-item.htm | 363 +++++++++++++----------
 pages/common/eap2023/eap.htm          | 161 ++++++----
 pages/common/emb2021/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2021/emb.htm          | 166 +++++++----
 14 files changed, 2227 insertions(+), 1489 deletions(-)

diff --git a/pages/common/eap2017/display-item.htm b/pages/common/eap2017/display-item.htm
index 0c94aa6..0509128 100644
--- a/pages/common/eap2017/display-item.htm
+++ b/pages/common/eap2017/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2017";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2017";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2017/eap.htm b/pages/common/eap2017/eap.htm
index 30c477b..1a026c7 100644
--- a/pages/common/eap2017/eap.htm
+++ b/pages/common/eap2017/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2017</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2017";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2017</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2017</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2017</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2017</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2017</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2017";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/eap2018/display-item.htm b/pages/common/eap2018/display-item.htm
index 2d4f7cc..bcb3f26 100644
--- a/pages/common/eap2018/display-item.htm
+++ b/pages/common/eap2018/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2018";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2018";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2018/eap.htm b/pages/common/eap2018/eap.htm
index c89590e..44eff50 100644
--- a/pages/common/eap2018/eap.htm
+++ b/pages/common/eap2018/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2018</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2018";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2018</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2018</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2018</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2018</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2018</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2018";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/eap2019/display-item.htm b/pages/common/eap2019/display-item.htm
index e9b997f..6ca4d19 100644
--- a/pages/common/eap2019/display-item.htm
+++ b/pages/common/eap2019/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2019";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2019";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2019/eap.htm b/pages/common/eap2019/eap.htm
index a2a6fcc..bbbc73f 100644
--- a/pages/common/eap2019/eap.htm
+++ b/pages/common/eap2019/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2019</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2019";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2019</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2019</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2019</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2019</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2019</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2019";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/eap2020/display-item.htm b/pages/common/eap2020/display-item.htm
index 4f5b795..ddcc3d6 100644
--- a/pages/common/eap2020/display-item.htm
+++ b/pages/common/eap2020/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2020";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2021";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2020/eap.htm b/pages/common/eap2020/eap.htm
index 873ca5e..8a902d4 100644
--- a/pages/common/eap2020/eap.htm
+++ b/pages/common/eap2020/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2020</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2020";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2020</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2020</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2020</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2020</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2020</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2020";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/eap2022/display-item.htm b/pages/common/eap2022/display-item.htm
index 7b2e1e6..6d1bb96 100644
--- a/pages/common/eap2022/display-item.htm
+++ b/pages/common/eap2022/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2022";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2022";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="'+ replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="'+ replacement + escapeHtml(code) +'" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">'+ escapeHtml(nomenclature.toUpperCase()) +'</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2022/eap.htm b/pages/common/eap2022/eap.htm
index ac1d146..36c884d 100644
--- a/pages/common/eap2022/eap.htm
+++ b/pages/common/eap2022/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2022</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2022";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2022</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2022</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2022</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2022</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2022</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2022";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/eap2023/display-item.htm b/pages/common/eap2023/display-item.htm
index b41b958..ed31c21 100644
--- a/pages/common/eap2023/display-item.htm
+++ b/pages/common/eap2023/display-item.htm
@@ -1,169 +1,224 @@
 <!DOCTYPE html>
-<html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EAP - consultation">
-		<title>EAP - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "eap2023";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Produit', 'produit'];
-			var parentLength = [0, 4];
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>EAP - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2023";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Produit', 'produit'];
+        const parentLength = [0, 4];
 
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(code, false) + '</ul>';
+                getLabel(code);
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "GRAPH <http://rdf.insee.fr/graphes/codes/" + nomenclature + "> {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				query += " . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						}
-						var childTypeIndex = (code.length == 6 ? 1 : 0);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const itemURI = data.results.bindings[0].uri.value;
+                document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                if (code.length > 6) {
+                    getDescription(itemURI);
+                }
+                const childTypeIndex = (code.length == 6 ? 1 : 0);
+                getChildren(itemURI, itemTypes[childTypeIndex]);
+            } catch (error) {
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + escapeHtml(itemURI) + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                }
+            } catch (error) {
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                const tagElement = document.getElementById(tag);
+                tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                tagElement.classList.add(tag);
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">Liste des produits détaillés</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            let niveau;
+            if (code && code.length > 6) {
+                niveau = 'Produit détaillé ';
+            } else {
+                niveau = 'Produit agrégé ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code && code.length <= 6) {
+                return `<li><a href="eap.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else if (code) {
+                return `${breadcrumbs(getParentCode(code), true)}&nbsp;${fin}`;
+            }
+            return '';
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                if (/[A-Z]/.test(code.slice(-1))) {
+                    codeParent += code.slice(-1).toLowerCase();
+                }
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit détaillé ';
-				} else {
-					niveau = 'Produit agrégé ';
-				}
-				var name = escapeHtml(niveau + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(code) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        // Encode HTML entities to prevent XSS
+        function encodeHTML(str) {
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length <= 6) {
-					html = '<li><a href="eap.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					codeParent = code.substr(0, parentLength[1]);
-					if (code.slice(-1).match(/[A-Z]/)) {
-						codeParent += code.slice(-1).toLowerCase();
-					}
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        // Sanitize input to prevent XSS
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/eap2023/eap.htm b/pages/common/eap2023/eap.htm
index b149056..59157bb 100644
--- a/pages/common/eap2023/eap.htm
+++ b/pages/common/eap2023/eap.htm
@@ -1,61 +1,106 @@
 <!DOCTYPE html>
 <html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EAP 2023</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="eap2023";
-			var niveau="produits";
-			var niveau2="produitsAgreges";
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants"> Liste des produits détaillés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items2').html(innerHTML);
-
-
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query2 += '<'+racine+nomenclature+'/'+niveau2+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Liste des produits agrégés </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items1').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2023</h1>
-		<div class="note-generale">
-			<p>Liste des produits de l'Enquête Annuelle de Production 2023</p>
-		</div>
-		<div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EAP 2021</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-kphE34mJ4ksz5JkDejM0mI+5qbb+mRyVDCJm3nDA56bbUFflqAr6KPT3AKz3qOgh" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures de l'Enquête Annuelle de Production (EAP) 2021</h1>
+    <div class="note-generale">
+        <p>Liste des produits de l'Enquête Annuelle de Production 2021</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{sanitize code}} - {{sanitize label}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "eap2021";
+        const niveau = "produits";
+        const niveau2 = "produitsAgreges";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => ({
+                            code: DOMPurify.sanitize(item.code.value),
+                            label: DOMPurify.sanitize(item.label.value)
+                        }))
+                    };
+
+                    document.getElementById(elementId).innerHTML = DOMPurify.sanitize(template(context));
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items2', 'Liste des produits détaillés');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau2}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items1', 'Liste des produits agrégés');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2021/display-item.htm b/pages/common/emb2021/display-item.htm
index fc046dd..d4ce609 100644
--- a/pages/common/emb2021/display-item.htm
+++ b/pages/common/emb2021/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2021";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2021";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2021/emb.htm b/pages/common/emb2021/emb.htm
index e6561a8..50e6696 100644
--- a/pages/common/emb2021/emb.htm
+++ b/pages/common/emb2021/emb.htm
@@ -1,60 +1,110 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2021</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2021";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2021</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2021</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2021</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2021</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2021</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2021";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    document.getElementById(elementId).innerHTML = template(context);
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>

From f4c0b108c3a407ef587e06794f30399a855dccf3 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Thu, 8 Aug 2024 17:26:00 +0200
Subject: [PATCH 17/20] Update emb.htm

---
 pages/common/emb2021/emb.htm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pages/common/emb2021/emb.htm b/pages/common/emb2021/emb.htm
index 50e6696..e18bdf8 100644
--- a/pages/common/emb2021/emb.htm
+++ b/pages/common/emb2021/emb.htm
@@ -63,7 +63,9 @@ <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB)
                         })
                     };
 
-                    document.getElementById(elementId).innerHTML = template(context);
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
                 })
                 .catch(error => console.error('Error fetching data:', error));
             };

From 07f911c7b8d7479e51e3347a696cbe43fb2d8d78 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Fri, 9 Aug 2024 09:04:22 +0200
Subject: [PATCH 18/20] update emb

---
 pages/common/emb2018/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2018/emb.htm          | 168 +++++++----
 pages/common/emb2019/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2019/emb.htm          | 168 +++++++----
 pages/common/emb2020/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2020/emb.htm          | 168 +++++++----
 pages/common/emb2022/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2022/emb.htm          | 168 +++++++----
 pages/common/emb2023/display-item.htm | 406 ++++++++++++++++----------
 pages/common/emb2023/emb.htm          | 168 +++++++----
 pages/common/emb2024/display-item.htm | 406 ++++++++++++++++----------
 11 files changed, 2032 insertions(+), 1244 deletions(-)

diff --git a/pages/common/emb2018/display-item.htm b/pages/common/emb2018/display-item.htm
index c59657f..f66cf25 100644
--- a/pages/common/emb2018/display-item.htm
+++ b/pages/common/emb2018/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2018";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2018";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2018/emb.htm b/pages/common/emb2018/emb.htm
index dd1f55d..4cd69b1 100644
--- a/pages/common/emb2018/emb.htm
+++ b/pages/common/emb2018/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2018</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2018";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2018</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2018</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2018</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2018</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2018</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2018";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2019/display-item.htm b/pages/common/emb2019/display-item.htm
index b8d4347..9d2f146 100644
--- a/pages/common/emb2019/display-item.htm
+++ b/pages/common/emb2019/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2019";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2019";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2019/emb.htm b/pages/common/emb2019/emb.htm
index 924170d..d464834 100644
--- a/pages/common/emb2019/emb.htm
+++ b/pages/common/emb2019/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2019</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2019";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2019</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2019</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2019</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2019</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2019</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2019";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2020/display-item.htm b/pages/common/emb2020/display-item.htm
index 1e5a130..0b3f170 100644
--- a/pages/common/emb2020/display-item.htm
+++ b/pages/common/emb2020/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2020";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2020";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2020/emb.htm b/pages/common/emb2020/emb.htm
index 31d695c..732446c 100644
--- a/pages/common/emb2020/emb.htm
+++ b/pages/common/emb2020/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2020</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2020";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2020</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2020</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2020</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2020</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2020</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2020";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2022/display-item.htm b/pages/common/emb2022/display-item.htm
index ac4f7d1..080aa1d 100644
--- a/pages/common/emb2022/display-item.htm
+++ b/pages/common/emb2022/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2022";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2022";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2022/emb.htm b/pages/common/emb2022/emb.htm
index 9add7db..61165f8 100644
--- a/pages/common/emb2022/emb.htm
+++ b/pages/common/emb2022/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2022</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2022";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2022</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2022</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2022</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2022</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2022</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2022";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2023/display-item.htm b/pages/common/emb2023/display-item.htm
index 4bc525c..9465a6e 100644
--- a/pages/common/emb2023/display-item.htm
+++ b/pages/common/emb2023/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2023";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2023";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/emb2023/emb.htm b/pages/common/emb2023/emb.htm
index 590b3df..c789dcc 100644
--- a/pages/common/emb2023/emb.htm
+++ b/pages/common/emb2023/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2023</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2023";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2023</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2023</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2023</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2023</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2023</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2023";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/emb2024/display-item.htm b/pages/common/emb2024/display-item.htm
index fbe80ef..6f02ae6 100644
--- a/pages/common/emb2024/display-item.htm
+++ b/pages/common/emb2024/display-item.htm
@@ -1,176 +1,264 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="EMB - consultation">
-		<title>EMB - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature = "emb2024";
-			var regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['Activité de la NAF', 'Produit'];
-			var parentLength = [0, 5];
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="EMB - consultation">
+    <title>EMB - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2024";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Activité de la NAF', 'Produit'];
+        const parentLength = [0, 5];
 
-			$(document).ready(function() {
-				var codeAAffiche = getURLParameter('code');
-				var code;
-				if (codeAAffiche.length < 6) {
-					code = codeAAffiche.substring(0, 2) + "." + codeAAffiche.substring(2);
-				} else {
-					code = codeAAffiche;
-				}
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
 
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
 
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {";
-				query += "?uri skos:prefLabel ?label ; skos:notation '" + escapeHtml(code);
-				query += "'. FILTER langMatches (lang(?label), 'fr')}";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-				var codeAAffiche = code.replace(".", "");
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(codeAAffiche) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						if (code.length > 6) {
-							getDescription(itemURI);
-						} else {
-							var childTypeIndex = (code.length == 6 ? 1 : 0);
-							getChildren(itemURI, itemTypes[childTypeIndex]);
-						}
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					$('#label').html("<p>Erreur lors de la récupération des données</p>");
-				});
-			}
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                    FILTER langMatches (lang(?label), 'fr')
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    if (code.length > 6) {
+                        getDescription(itemURI);
+                    } else {
+                        const childTypeIndex = (code.length === 5 ? 1 : 0);
+                        getChildren(itemURI, itemTypes[childTypeIndex], code.replace('.', ''));
+                    }
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
 
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#definition") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var bindingObject = data.results.bindings[index];
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#definition") getNote(bindingObject.object.value, "note-generale");
-						if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-						else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-						else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        async function getChildren(itemURI, childType, code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:relatedMatch ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        const displayCode = formatCodeWithDot(childCode);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode.replace('.', ''))}">${displayCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun produit trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
 
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:relatedMatch ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="' + replacement + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
 
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
+        function breadcrumbs(code, finalLink) {
+            if (!code) {
+                console.error('Code is null or empty.');
+                return '';
+            }
+            let niveau;
+            if (code.length > 6) {
+                niveau = 'Produit ';
+            } else {
+                niveau = 'Activité ';
+            }
+            const name = `${niveau}${encodeHTML(code)}`;
+            const fin = finalLink ?
+                `<li><a href="${replacement}${encodeURIComponent(code.replace('.', ''))}" title="${name}">${name}</a></li>` :
+                `<li>${name}</li>`;
 
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + escapeHtml(uri) + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+            if (code.length === 6) {
+                return `<li><a href="emb.htm" title="Accueil">${nomenclature.toUpperCase()}</a></li>&nbsp;${fin}`;
+            } else {
+                const parentCode = getParentCode(code);
+                if (parentCode) {
+                    return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+                } else {
+                    return fin;
+                }
+            }
+        }
 
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
+        function getParentCode(code) {
+            if (code && code.length > 6) {
+                let codeParent = code.substr(0, parentLength[1]);
+                codeParent = codeParent.substring(0, 2) + "." + codeParent.substring(2);
+                return codeParent;
+            }
+            return null;
+        }
 
-			function breadcrumbs(code, finalLink) {
-				var codeAAffiche;
-				var niveau;
-				if (code && code.length > 6) {
-					niveau = 'Produit ';
-					codeAAffiche = code;
-				} else {
-					niveau = 'Activité ';
-					codeAAffiche = code.replace(".", "");
-				}
-				var name = escapeHtml(niveau + codeAAffiche);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="' + replacement + escapeHtml(codeAAffiche) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
 
-				if (code && code.length == 6) {
-					html = '<li><a href="emb.htm" title="Accueil">' + escapeHtml(nomenclature.toUpperCase()) + '</a></li>&nbsp;' + fin;
-				} else if (code) {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9-_]/g, '') : '';
+        }
 
-			function getParentCode(code) {
-				var codeParent;
-				if (code && code.length > 6) {
-					var codeParentSansPoint = code.substr(0, parentLength[1]);
-					codeParent = codeParentSansPoint.substring(0, 2) + "." + codeParentSansPoint.substring(2);
-					return codeParent;
-				}
-				return null;
-			}
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+        function formatCodeWithDot(code) {
+            if (code.length === 5 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+
+        function escapeHtml(text) {
+            const map = {
+                '&': '&amp;',
+                '<': '&lt;',
+                '>': '&gt;',
+                '"': '&quot;',
+                "'": '&#039;'
+            };
+            return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>

From 9a7ca0105b5b506a5951f5720d166f922042df20 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Fri, 9 Aug 2024 10:47:00 +0200
Subject: [PATCH 19/20] update naf

---
 pages/common/client-naf.html      | 153 +++++++----
 pages/common/naf/display-item.htm | 441 +++++++++++++++++++-----------
 pages/common/naf/naf.htm          | 112 +++++---
 3 files changed, 463 insertions(+), 243 deletions(-)

diff --git a/pages/common/client-naf.html b/pages/common/client-naf.html
index e6c8fb4..9c0fdb3 100644
--- a/pages/common/client-naf.html
+++ b/pages/common/client-naf.html
@@ -1,61 +1,106 @@
 <!doctype html>
 <html lang="fr">
-    <head>
-        <meta charset="utf-8">
-        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-        <meta name="description" content="Recherche dans la NAF">
-        <title>Recherche dans la NAF</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-        <script>
-            $(document).ready(function () {
-                $("#chercher").bind("click", function () {
-                    $("#resultat").html("<p>Code non trouvé</p>");
-                    var code = document.getElementById("code").value.trim().toUpperCase();
-                    if (code.length == 0) {
-                        $("#resultat").html("<p><b>Veuillez entrer un code</b></p>");
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Recherche dans la NAF">
+    <title>Recherche dans la NAF</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1>Recherche dans la NAF</h1>
+    <div>
+        <label for="code">Code : </label>
+        <input id="code" type="text" autofocus="autofocus" />
+        <button id="chercher" required>Chercher</button><br />
+    </div>
+    <div id="resultat"></div>
+
+    <!-- Template for displaying the result -->
+    <script id="result-template" type="text/x-handlebars-template">
+        <p>{{{sanitize code}}} - {{{sanitize libelle}}}</p>
+    </script>
+
+    <script>
+        document.addEventListener("DOMContentLoaded", function () {
+            const searchButton = document.getElementById("chercher");
+
+            searchButton.addEventListener("click", async function () {
+                const resultElement = document.getElementById("resultat");
+                resultElement.innerHTML = "<p>Code non trouvé</p>";
+
+                // Step 1: Get the input code and check if it contains the dot
+                let code = document.getElementById("code").value.trim().toUpperCase();
+                // console.log("Code entered by user:", code);  // Log the initial code
+
+                if (code.length === 0) {
+                    resultElement.innerHTML = "<p><b>Veuillez entrer un code</b></p>";
+                    return;
+                }
+
+                // Step 2: Sanitize input and check if the dot is still present
+                const sanitizedCode = sanitizeInput(code);
+                // console.log("Sanitized code:", sanitizedCode);  // Log the sanitized code
+
+                const query = `
+                    PREFIX skos: <http://www.w3.org/2004/02/skos/core#>
+                    SELECT ?libelle WHERE {
+                        ?s skos:notation "${sanitizedCode}" .
+                        ?s skos:prefLabel ?libelle .
+                        FILTER (lang(?libelle) = 'fr')
+                    }
+                `;
+
+                // console.log("SPARQL Query:", query);  // Log the SPARQL query
+
+                const url = `https://rdf.insee.fr/sparql?query=${encodeURIComponent(query)}`;
+
+                try {
+                    const response = await fetch(url, {
+                        headers: {
+                            'Accept': 'application/sparql-results+json'
+                        }
+                    });
+
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+
+                    const data = await response.json();
+
+                    if (data.results.bindings.length > 0) {
+                        const templateSource = document.getElementById('result-template').innerHTML;
+                        const template = Handlebars.compile(templateSource);
+
+                        const context = {
+                            code: Handlebars.escapeExpression(sanitizedCode),
+                            libelle: Handlebars.escapeExpression(data.results.bindings[0].libelle.value)
+                        };
+
+                        const sanitizedHTML = DOMPurify.sanitize(template(context));
+                        resultElement.innerHTML = sanitizedHTML;
                     } else {
-                        var query =
-                            "prefix skos: <http://www.w3.org/2004/02/skos/core#> select ?libelle from <http://rdf.insee.fr/graphes/codes/nafr2> ";
-                        query +=
-                            'where {?s skos:notation "' +
-                            escapeHtml(code) +
-                            "\" . ?s skos:prefLabel ?libelle filter(lang(?libelle) = 'fr')}";
-                        var url = "https://rdf.insee.fr/sparql?query=" + encodeURIComponent(query);
-
-                        $.getJSON(url).done(function (data) {
-                            if (data.results.bindings.length > 0) {
-                                var libelle = data.results.bindings[0].libelle.value;
-                                $("#resultat").html("<p>" + escapeHtml(code) + " - " + escapeHtml(libelle) + "</p>");
-                            } else {
-                                $("#resultat").html("<p>Code non trouvé</p>");
-                            }
-                        }).fail(function () {
-                            $("#resultat").html("<p>Erreur lors de la récupération des données</p>");
-                        });
+                        resultElement.innerHTML = "<p>Code non trouvé</p>";
                     }
-                });
-
-                function escapeHtml(text) {
-                    var map = {
-                        '&': '&amp;',
-                        '<': '&lt;',
-                        '>': '&gt;',
-                        '"': '&quot;',
-                        "'": '&#039;'
-                    };
-                    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+                } catch (error) {
+                    resultElement.innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                    // console.error('Error fetching data:', error);
                 }
             });
-        </script>
-    </head>
-    <body>
-        <h1>Recherche dans la NAF</h1>
-        <div>
-            <label for="code">Code : </label>
-            <input id="code" type="text" autofocus="autofocus" />
-            <button id="chercher" required>Chercher</button><br />
-        </div>
-        <div id="resultat"></div>
-    </body>
+
+            function sanitizeInput(input) {
+                // Step 3: Ensure the dot is not removed
+                return input.replace(/[^a-zA-Z0-9.\-_]/g, '');
+            }
+        });
+
+        // Handlebars helper for sanitizing output
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/naf/display-item.htm b/pages/common/naf/display-item.htm
index f032a0c..69a21cd 100644
--- a/pages/common/naf/display-item.htm
+++ b/pages/common/naf/display-item.htm
@@ -1,160 +1,287 @@
 <!DOCTYPE html>
 <html lang="fr">
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0">
-		<meta name="description" content="NAF 2008 - consultation">
-		<title>NAF 2008 - consultation</title>
-		<link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var regex = new RegExp('http://id.insee.fr/codes/nafr2/[a-zC]+/', "g");
-			var replacement = 'display-item.htm?code=';
-			var itemTypes = ['', 'Section', 'Division', '', 'Groupe', 'Classe', 'Sous-classe'];
-			var parentLength = [0, 0, 1, 0, 2, 4, 5];
-			var sections = "ABCDEFGHIJKLMNOPQRSTU";
-			var sectionBounds = [1, 5, 10, 35, 36, 41, 45, 49, 55, 58, 64, 68, 69, 77, 84, 85, 86, 90, 94, 97, 99];
-
-			$(document).ready(function() {
-				var code = getURLParameter('code');
-				$('#fil-ariane').html('<ul>' + breadcrumbs(code, false) + '</ul>');
-				getLabel(code);
-			});
-
-			function escapeHtml(text) {
-				var map = {
-					'&': '&amp;',
-					'<': '&lt;',
-					'>': '&gt;',
-					'"': '&quot;',
-					"'": '&#039;'
-				};
-				return text.replace(/[&<>"']/g, function(m) { return map[m]; });
-			}
-
-			function getLabel(code) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ";
-				query += "SELECT ?uri ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/nafr2> { ?uri skos:prefLabel ?label ; skos:notation '"
-				query += escapeHtml(code) + "'. FILTER langMatches (lang(?label), 'fr')} . }";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var itemURI = data.results.bindings[0].uri.value;
-						$('#label').html(escapeHtml(code) + " - " + escapeHtml(data.results.bindings[0].label.value));
-						getDescription(itemURI);
-						var childTypeIndex = (code.length == 2 ? 4 : code.length + 1);
-						getChildren(itemURI, itemTypes[childTypeIndex]);
-					} else {
-						$('#label').html("<p>Code non trouvé</p>");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
-
-			function getDescription(itemURI) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> DESCRIBE <" + itemURI + ">";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var bindingObject = data.results.bindings[index];
-							if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(bindingObject.object.value, "note-generale");
-							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(bindingObject.object.value, "contenu-central");
-							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(bindingObject.object.value, "contenu-limite");
-							else if (bindingObject.predicate.value === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(bindingObject.object.value, "exclusions");
-							else if (bindingObject.predicate.value === "http://www.w3.org/2004/02/skos/core#note") getNote(bindingObject.object.value, "remarques");
-						}
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
-
-			function getChildren(itemURI, childType) {
-				var query = "PREFIX skos:<http://www.w3.org/2004/02/skos/core#> SELECT ?code ?label WHERE { <" + escapeHtml(itemURI) + "> skos:narrower ?child . ";
-				query += "?child skos:notation ?code ; skos:prefLabel ?label . FILTER langMatches (lang(?label), 'fr') } ORDER BY ?code";
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
-						for (var index = 0; index < data.results.bindings.length; index++) {
-							var childCode = data.results.bindings[index].code.value;
-							innerHTML += '<li><p><a href="display-item.htm?code=' + escapeHtml(childCode) + '">' + escapeHtml(childCode) + ' - ' + escapeHtml(data.results.bindings[index].label.value) + '</a></p></li>';
-						}
-						innerHTML += '</ul>';
-						$('#sous-items').html(innerHTML);
-						$('#sous-items').addClass("sous-items");
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
-
-			function getURLParameter(name) {
-    			return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null;
-			}
-
-			function getNote(uri, tag) {
-				var query = 'SELECT ?text WHERE { <' + uri + '> <http://eurovoc.europa.eu/schema#noteLiteral> ?text }';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).done(function(data) {
-					if (data.results.bindings.length > 0) {
-						var noteText = data.results.bindings[0].text.value.replace(regex, replacement);
-						$('#' + tag).append(escapeHtml(noteText).replace(/\\\$/g, "<br />"));
-						$('#' + tag).addClass(tag);
-					}
-				}).fail(function() {
-					// Handle error silently
-				});
-			}
-
-			function breadcrumbs(code, finalLink) {
-				var name = escapeHtml(itemTypes[code.length] + ' ' + code);
-				var html;
-				var fin = (finalLink ?
-					('<li><a href="display-item.htm?code=' + escapeHtml(code) + '" title="' + name + '">' + name + '</a></li>')
-					: ('<li>' + name + '</li>')
-				);
-
-				if (code.length == 1) {
-					html = '<li><a href="naf.htm" title="Accueil">NAF</a></li>&nbsp;' + fin;
-				} else {
-					html = breadcrumbs(getParentCode(code), true) + '&nbsp;' + fin;
-				}
-				return html;
-			}
-
-			function getParentCode(code) {
-				if (code.length > 3) return code.substr(0, parentLength[code.length]);
-				if (code.length == 2) {
-					var codeNum = parseFloat(code);
-					for (var index = 0; index < sectionBounds.length; index++) {
-						if (codeNum < sectionBounds[index]) return sections.substr(index - 1, 1);
-					}
-					return sections.substr(sectionBounds.length - 1, 1);
-				}
-				return null;
-			}
-
-		</script>
-	</head>
-	<body>
-		<div id="fil-ariane"></div>
-		<h1 id="label" class="item"></h1>
-		<br/>
-		<div id="notes">
-			<div id="note-generale"></div>
-			<div id="contenu-central"></div>
-			<div id="contenu-limite"></div>
-			<div id="exclusions"></div>
-			<div id="remarques"></div>
-		</div>
-		<div id="sous-items"></div>
-	</body>
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="NAF 2008 - consultation">
+    <title>NAF 2008 - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "nafr2";
+        const regex = new RegExp(racine + nomenclature + "/[A-Z0-9]+/", "g");
+        const replacement = 'display-item.htm?code=';
+        const itemTypes = ['Section', 'Division', 'Groupe', 'Classe', 'Sous-classe'];
+        const parentLength = [0, 0, 1, 2, 4, 5];
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const code = sanitizeInput(getURLParameter('code'));
+            if (code) {
+                const formattedCode = formatCodeWithDot(code);
+                document.getElementById('fil-ariane').innerHTML = '<ul>' + breadcrumbs(formattedCode, false) + '</ul>';
+                getLabel(formattedCode);
+            } else {
+                console.error('Code is null or empty.');
+            }
+        });
+
+        async function fetchData(query, type = "json") {
+            const headers = {
+                'Accept': type === 'n-triples' ? 'application/n-triples' : 'application/sparql-results+json'
+            };
+            try {
+                const response = await fetch(`${endpointURL}?query=${encodeURIComponent(query)}`, {
+                    method: 'GET',
+                    headers: headers,
+                });
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                const contentType = response.headers.get("content-type");
+                if (type === "json" && contentType.includes("application/sparql-results+json")) {
+                    return await response.json();
+                } else if (type === "n-triples" && contentType.includes("application/n-triples")) {
+                    const text = await response.text();
+                    return parseNTriples(text);
+                } else {
+                    throw new Error('Received content is not in the expected format');
+                }
+            } catch (error) {
+                console.error('Error fetching data:', error);
+                throw error;
+            }
+        }
+
+        function parseNTriples(text) {
+            const triples = text.trim().split('\n').map(line => {
+                const match = line.match(/<([^>]*)>\s*<([^>]*)>\s*<([^>]*)>|<([^>]*)>\s*<([^>]*)>\s*"([^"]*)"/);
+                if (match) {
+                    return {
+                        subject: match[1] || match[4],
+                        predicate: match[2] || match[5],
+                        object: match[3] || match[6]
+                    };
+                } else {
+                    console.error('Failed to parse n-triple line:', line);
+                    return null;
+                }
+            });
+            return triples.filter(triple => triple !== null);
+        }
+
+        async function getLabel(code) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?uri ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ; skos:notation '${encodeHTML(code)}'.
+                        FILTER langMatches (lang(?label), 'fr')
+                    }
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const itemURI = data.results.bindings[0].uri.value;
+                    document.getElementById('label').textContent = `${code} - ${data.results.bindings[0].label.value}`;
+                    getDescription(itemURI);
+                    const childTypeIndex = code.length === 1 ? 1 : code.length;
+                    getChildren(itemURI, itemTypes[childTypeIndex]);
+                } else {
+                    document.getElementById('label').innerHTML = "<p>Code non trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('label').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getLabel:', error);
+            }
+        }
+
+        async function getDescription(itemURI) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                DESCRIBE <${encodeHTML(itemURI)}>
+            `;
+            try {
+                const data = await fetchData(query, "n-triples");
+                data.forEach(triple => {
+                    const predicateValue = triple.predicate;
+                    const objectValue = triple.object;
+                    if (predicateValue === "http://www.w3.org/2004/02/skos/core#scopeNote") getNote(objectValue, "note-generale");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#coreContentNote") getNote(objectValue, "contenu-central");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#additionalContentNote") getNote(objectValue, "contenu-limite");
+                    else if (predicateValue === "http://rdf-vocabulary.ddialliance.org/xkos#exclusionNote") getNote(objectValue, "exclusions");
+                    else if (predicateValue === "http://www.w3.org/2004/02/skos/core#note") getNote(objectValue, "remarques");
+                });
+            } catch (error) {
+                console.error('Error in getDescription:', error);
+            }
+        }
+
+        async function getChildren(itemURI, childType) {
+            const query = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    <${encodeHTML(itemURI)}> skos:narrower ?child .
+                    ?child skos:notation ?code ; skos:prefLabel ?label .
+                    FILTER langMatches (lang(?label), 'fr')
+                } ORDER BY ?code
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    let innerHTML = '<p class="nom-enfants">' + escapeHtml(childType) + (data.results.bindings.length > 1 ? 's' : '') + '</p><ul class="enfants">';
+                    data.results.bindings.forEach(item => {
+                        const childCode = encodeHTML(item.code.value);
+                        const childLabel = encodeHTML(item.label.value);
+                        innerHTML += `<li><p><a href="${replacement}${encodeURIComponent(childCode)}">${childCode} - ${childLabel}</a></p></li>`;
+                    });
+                    innerHTML += '</ul>';
+                    const sousItemsElement = document.getElementById('sous-items');
+                    sousItemsElement.innerHTML = innerHTML;
+                    sousItemsElement.classList.add("sous-items");
+                } else {
+                    document.getElementById('sous-items').innerHTML = "<p>Aucun élément trouvé</p>";
+                }
+            } catch (error) {
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+                console.error('Error in getChildren:', error);
+            }
+        }
+
+        async function getNote(uri, tag) {
+            const query = `
+                SELECT ?text WHERE {
+                    <${encodeHTML(uri)}> <http://eurovoc.europa.eu/schema#noteLiteral> ?text
+                }
+            `;
+            try {
+                const data = await fetchData(query);
+                if (data.results.bindings.length > 0) {
+                    const noteText = encodeHTML(data.results.bindings[0].text.value.replace(regex, replacement));
+                    const tagElement = document.getElementById(tag);
+                    tagElement.innerHTML += noteText.replace(/\\\$/g, "<br />");
+                    tagElement.classList.add(tag);
+                }
+            } catch (error) {
+                console.error('Error in getNote:', error);
+            }
+        }
+
+        function getURLParameter(name) {
+            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+        }
+
+		function breadcrumbs(code, finalLink) {
+    if (!code) {
+        console.error('Code is null or empty.');
+        return '';
+    }
+
+    const niveau = determineNiveau(code.length);
+    const name = `${niveau}${encodeHTML(code)}`;
+    const fin = finalLink ?
+        `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+        `<li>${name}</li>`;
+
+    if (code.length === 1) {
+        return `<li><a href="naf.htm" title="Accueil">NAF</a></li>&nbsp;${fin}`;
+    } else {
+        const parentCode = getParentCode(code);
+        if (parentCode && parentCode !== code) {
+            return `${breadcrumbs(parentCode, true)}&nbsp;${fin}`;
+        } else {
+            return fin;
+        }
+    }
+}
+
+function getParentCode(code) {
+    // Si le code est déjà au niveau le plus élevé, il ne devrait pas avoir de parent.
+    if (code.length <= 1) {
+        return null;
+    }
+
+    // Logique pour calculer le code parent en fonction de la longueur du code.
+    if (code.length === 2) {
+        const codeNum = parseInt(code);
+        const sectionBounds = [1, 5, 10, 35, 36, 41, 45, 49, 55, 58, 64, 68, 69, 77, 84, 85, 86, 90, 94, 97, 99];
+        const sections = "ABCDEFGHIJKLMNOPQRSTU";
+        for (let index = 0; index < sectionBounds.length; index++) {
+            if (codeNum < sectionBounds[index]) return sections[index - 1];
+        }
+        return sections[sections.length - 1];
+    }
+
+    if (code.length > 2) {
+        return code.slice(0, -1); // Supprimez le dernier caractère pour obtenir le code parent
+    }
+
+    return null;
+}
+
+function determineNiveau(length) {
+    switch (length) {
+        case 1: return 'Section ';
+        case 2: return 'Division ';
+        case 3: return 'Groupe ';
+        case 4: return 'Classe ';
+        case 5: return 'Sous-classe ';
+        default: return '';
+    }
+}
+
+        function encodeHTML(str) {
+            if (str == null) {
+                return '';
+            }
+            return str.replace(/&/g, '&amp;')
+                      .replace(/</g, '&lt;')
+                      .replace(/>/g, '&gt;')
+                      .replace(/"/g, '&quot;')
+                      .replace(/'/g, '&#39;');
+        }
+
+        function sanitizeInput(input) {
+            return input ? input.replace(/[^a-zA-Z0-9.-_]/g, '') : '';
+        }
+
+		function escapeHtml(text) {
+    if (typeof text !== 'string') {
+        console.error('Expected a string but got:', text);
+        return '';
+    }
+    const map = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#039;'
+    };
+    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
+        function formatCodeWithDot(code) {
+            if (code.length === 4 && !code.includes('.')) {
+                return code.slice(0, 2) + '.' + code.slice(2);
+            }
+            return code;
+        }
+    </script>
+</head>
+<body>
+    <div id="fil-ariane"></div>
+    <h1 id="label" class="item"></h1>
+    <br/>
+    <div id="notes">
+        <div id="note-generale"></div>
+        <div id="contenu-central"></div>
+        <div id="contenu-limite"></div>
+        <div id="exclusions"></div>
+        <div id="remarques"></div>
+    </div>
+    <div id="sous-items"></div>
+</body>
 </html>
diff --git a/pages/common/naf/naf.htm b/pages/common/naf/naf.htm
index 083e3c4..0e6eab1 100644
--- a/pages/common/naf/naf.htm
+++ b/pages/common/naf/naf.htm
@@ -1,38 +1,86 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>NAF 2008 - consultation</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "http://rdf.insee.fr/sparql";
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>NAF 2008 - consultation</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclature d'activités française - NAF rév. 2, 2008</h1>
+    <div class="note-generale">
+        <p>La nomenclature d'activités française révision 2 (NAF rév. 2, 2008) est la nomenclature statistique nationale d'activités qui s'est substituée depuis le 1er janvier 2008 à la NAF rév. 1 datant de 2003.</p>
+    </div>
+    <div id="sous-items" class="sous-items"></div>
 
-			$(document).ready(function() {
+    <!-- Template for displaying the sections -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">Sections</p>
+        <ul class="enfants">
+            {{#each items}}
+                <li><p><a href="display-item.htm?code={{encodeURIComponent code}}">{{{displayCode}}} - {{{displayLabel}}}</a></p></li>
+            {{/each}}
+        </ul>
+    </script>
 
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/nafr2> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<http://id.insee.fr/codes/nafr2/sections> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
+    <script>
+        document.addEventListener("DOMContentLoaded", function () {
+            const endpointURL = "https://rdf.insee.fr/sparql";
+            const query = `
+                PREFIX skos: <http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/nafr2> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <http://id.insee.fr/codes/nafr2/sections> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL = `${endpointURL}?query=${encodeURIComponent(query)}`;
 
-				$.getJSON(queryURL).success(function(data) {
+            fetch(queryURL, {
+                headers: {
+                    'Accept': 'application/sparql-results+json'
+                }
+            })
+            .then(response => {
+                if (!response.ok) {
+                    throw new Error('Network response was not ok');
+                }
+                return response.json();
+            })
+            .then(data => {
+                const templateSource = document.getElementById('items-template').innerHTML;
+                const template = Handlebars.compile(templateSource);
 
-					var innerHTML = '<p class="nom-enfants">Sections</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-			});
+                const context = {
+                    items: data.results.bindings.map(item => ({
+                        code: DOMPurify.sanitize(item.code.value),
+                        displayCode: Handlebars.escapeExpression(item.code.value), // Still sanitize for safety
+                        displayLabel: item.label.value // Directly use the label without further escaping
+                    }))
+                };
 
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclature d'activités française - NAF rév. 2, 2008</h1>
-		<div class="note-generale">
-			<p>La nomenclature d'activités française révision 2 (NAF rév. 2, 2008) est la nomenclature statistique nationale d'activités qui s'est substituée depuis le 1er janvier 2008 à la NAF rév. 1 datant de 2003.</p>
-		</div>
-		<div id="sous-items" class="sous-items"></div>
-	</body>
-</html>
\ No newline at end of file
+                const sanitizedHTML = DOMPurify.sanitize(template(context));
+                document.getElementById('sous-items').innerHTML = sanitizedHTML;
+            })
+            .catch(error => {
+                console.error('Error fetching data:', error);
+                document.getElementById('sous-items').innerHTML = "<p>Erreur lors de la récupération des données</p>";
+            });
+        });
+
+        // Handlebars helpers
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
+</html>

From 98b61f07095ccebd6d9ebf75562f898d9b0fb4c0 Mon Sep 17 00:00:00 2001
From: JeromeMBourgeois <jerome.bourgeois@insee.fr>
Date: Fri, 9 Aug 2024 11:12:17 +0200
Subject: [PATCH 20/20] Fix(emb2024AndNaf)

---
 pages/common/emb2024/emb.htm      | 168 +++++++++++++++++++-----------
 pages/common/naf/display-item.htm |  17 +--
 2 files changed, 120 insertions(+), 65 deletions(-)

diff --git a/pages/common/emb2024/emb.htm b/pages/common/emb2024/emb.htm
index 25be423..0a17d9f 100644
--- a/pages/common/emb2024/emb.htm
+++ b/pages/common/emb2024/emb.htm
@@ -1,60 +1,112 @@
 <!DOCTYPE html>
-<html>
-		<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
-        <title>Consultation - EMB 2024</title>
-        <link href="../commun.css" rel="stylesheet" type="text/css"/>
-		<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
-		<script>
-			var endpointURL = "https://rdf.insee.fr/sparql";
-			var racine = "http://id.insee.fr/codes/";
-			var nomenclature="emb2024";
-			var niveau="produits"
-			//var niveau2="nafr2"
-			$(document).ready(function() {
-
-				var query = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query += 'SELECT ?code ?label WHERE {GRAPH <http://rdf.insee.fr/graphes/codes/'+nomenclature+'> { ?uri skos:prefLabel ?label ; skos:notation ?code . '
-				query += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?uri .  FILTER langMatches (lang(?label), "fr")} . } ORDER BY ?code';
-				var queryURL = endpointURL + "?query=" + encodeURIComponent(query);
-
-				$.getJSON(queryURL).success(function(data) {
-
-					var innerHTML = '<p class="nom-enfants">Produits</p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value;
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					$('#sous-items').html(innerHTML);
-				});
-				
-				
-				var query2 = 'PREFIX skos:<http://www.w3.org/2004/02/skos/core#> ';
-				query2 += 'SELECT distinct ?code ?label WHERE {?uri skos:prefLabel ?label ; skos:notation ?code ; skos:relatedMatch ?child . '
-				query2 += '<'+racine+nomenclature+'/'+niveau+'> skos:member ?child .  FILTER langMatches (lang(?label), "fr") } ORDER BY ?code';
-				
-				var queryURL2 = endpointURL + "?query=" + encodeURIComponent(query2);
-					
-					$.getJSON(queryURL2).success(function(data) {
-					var innerHTML = '<p class="nom-enfants"> Activités de la NAF </p><ul class="enfants">';
-					for (var index = 0; index < data.results.bindings.length; index++) {
-						var childCode = data.results.bindings[index].code.value.replace('.','');
-						innerHTML += '<li><p><a href="display-item.htm?code=' + childCode + '">' + childCode + ' - ' + data.results.bindings[index].label.value + '</a></p></li>';
-					}
-					innerHTML += '</ul>';
-					
-					$('#sous-items2').html(innerHTML);
-					});
-			});
-
-		</script>
-	</head>
-	<body>
-		<h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2024</h1>
-		<div class="note-generale">
-			<p>Liste des produits des Enquêtes Mensuelles de Branche 2024</p>
-		</div>
-		<div id="sous-items" class="sous-items" style="width: 45%; float: left;"></div>
-		<div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
-	</body>
+<html lang="fr">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>Consultation - EMB 2024</title>
+    <link href="../commun.css" rel="stylesheet" type="text/css"/>
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.6/purify.min.js" integrity="sha384-+VfUPEb0PdtChMwmBcBmykRMDd+v6D/oFmB3rZM/puCMDYcIvF968OimRh4KQY9a" crossorigin="anonymous"></script>
+</head>
+<body>
+    <h1 class="titre-class">Nomenclatures des Enquêtes Mensuelles de Branche (EMB) 2024</h1>
+    <div class="note-generale">
+        <p>Liste des produits des Enquêtes Mensuelles de Branche 2024</p>
+    </div>
+    <div id="sous-items1" class="sous-items" style="width: 45%; float: left;"></div>
+    <div id="sous-items2" class="sous-items" style="width: 45%; float: left;"></div>
+
+    <!-- Template for items -->
+    <script id="items-template" type="text/x-handlebars-template">
+        <p class="nom-enfants">{{sanitize title}}</p>
+        <ul class="enfants">
+        {{#each items}}
+            <li><p><a href="display-item.htm?code={{encodeURIComponent correctedCode}}">{{{displayCode}}} - {{{label}}}</a></p></li>
+        {{/each}}
+        </ul>
+    </script>
+
+    <script>
+        const endpointURL = "https://rdf.insee.fr/sparql";
+        const racine = "http://id.insee.fr/codes/";
+        const nomenclature = "emb2024";
+        const niveau = "produits";
+        const niveau2 = "produits";
+
+        document.addEventListener("DOMContentLoaded", function() {
+            const fetchData = (queryURL, elementId, title) => {
+                fetch(queryURL, {
+                    headers: {
+                        'Accept': 'application/sparql-results+json'
+                    }
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        throw new Error('Network response was not ok');
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    const templateSource = document.getElementById('items-template').innerHTML;
+                    const template = Handlebars.compile(templateSource);
+
+                    const context = {
+                        title: DOMPurify.sanitize(title),
+                        items: data.results.bindings.map(item => {
+                            const code = item.code.value;
+                            const displayCode = (code.length === 6 && code.includes('.')) ? code : code.slice(0, 2) + '.' + code.slice(2);
+                            return {
+                                correctedCode: encodeURIComponent(code.replace('.', '')),
+                                displayCode: Handlebars.escapeExpression(displayCode),
+                                label: Handlebars.escapeExpression(item.label.value)
+                            };
+                        })
+                    };
+
+                    // Sanitize the compiled HTML before injecting it into the DOM
+                    const sanitizedHTML = DOMPurify.sanitize(template(context));
+                    document.getElementById(elementId).innerHTML = sanitizedHTML;
+                })
+                .catch(error => console.error('Error fetching data:', error));
+            };
+
+            const query1 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT ?code ?label WHERE {
+                    GRAPH <http://rdf.insee.fr/graphes/codes/${nomenclature}> {
+                        ?uri skos:prefLabel ?label ;
+                             skos:notation ?code .
+                        <${racine}${nomenclature}/${niveau}> skos:member ?uri .
+                        FILTER langMatches(lang(?label), "fr")
+                    }
+                } ORDER BY ?code
+            `;
+            const queryURL1 = `${endpointURL}?query=${encodeURIComponent(query1)}`;
+            fetchData(queryURL1, 'sous-items1', 'Liste des produits');
+
+            const query2 = `
+                PREFIX skos:<http://www.w3.org/2004/02/skos/core#>
+                SELECT distinct ?code ?label WHERE {
+                    ?uri skos:prefLabel ?label ;
+                         skos:notation ?code ;
+                         skos:relatedMatch ?child .
+                    <${racine}${nomenclature}/${niveau2}> skos:member ?child .
+                    FILTER langMatches(lang(?label), "fr")
+                } ORDER BY ?code
+            `;
+            const queryURL2 = `${endpointURL}?query=${encodeURIComponent(query2)}`;
+            fetchData(queryURL2, 'sous-items2', 'Activités de la NAF');
+        });
+
+        // Helper to encode URL components
+        Handlebars.registerHelper('encodeURIComponent', function(context) {
+            return encodeURIComponent(context);
+        });
+
+        // Helper to sanitize input
+        Handlebars.registerHelper('sanitize', function(context) {
+            return Handlebars.escapeExpression(context);
+        });
+    </script>
+</body>
 </html>
diff --git a/pages/common/naf/display-item.htm b/pages/common/naf/display-item.htm
index 69a21cd..12def2c 100644
--- a/pages/common/naf/display-item.htm
+++ b/pages/common/naf/display-item.htm
@@ -169,21 +169,23 @@
             }
         }
 
-        function getURLParameter(name) {
-            const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
-            return result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
-        }
+		function getURLParameter(name) {
+    const result = new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search);
+    const paramValue = result ? decodeURIComponent(result[1].replace(/\+/g, '%20')) : null;
+    return sanitizeInput(paramValue);  // Sanitize the input here
+}
 
-		function breadcrumbs(code, finalLink) {
+function breadcrumbs(code, finalLink) {
     if (!code) {
         console.error('Code is null or empty.');
         return '';
     }
 
     const niveau = determineNiveau(code.length);
-    const name = `${niveau}${encodeHTML(code)}`;
+    const sanitizedCode = encodeHTML(code);
+    const name = `${niveau}${sanitizedCode}`;
     const fin = finalLink ?
-        `<li><a href="${replacement}${encodeURIComponent(code)}" title="${name}">${name}</a></li>` :
+        `<li><a href="${replacement}${encodeURIComponent(sanitizedCode)}" title="${name}">${name}</a></li>` :
         `<li>${name}</li>`;
 
     if (code.length === 1) {
@@ -198,6 +200,7 @@
     }
 }
 
+
 function getParentCode(code) {
     // Si le code est déjà au niveau le plus élevé, il ne devrait pas avoir de parent.
     if (code.length <= 1) {