From 6df982d5bacc62db548234cfc6229dee9298b532 Mon Sep 17 00:00:00 2001
From: Philip DeFraties <65036872+PhilipDeFraties@users.noreply.github.com>
Date: Fri, 6 Dec 2024 11:59:52 -0700
Subject: [PATCH] dm-4881 dom text reinterpret / xss codeql warning 3 (#1133)
---
app/assets/javascripts/practice_page.es6 | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/app/assets/javascripts/practice_page.es6 b/app/assets/javascripts/practice_page.es6
index d928f3900..704c59873 100644
--- a/app/assets/javascripts/practice_page.es6
+++ b/app/assets/javascripts/practice_page.es6
@@ -56,14 +56,11 @@
const moreText = 'See more';
const lessText = 'See less';
let t = $(element).text();
- let firstHalf = `${t.slice(
- 0,
- showChar
- )}${ellipsesText} `;
- let secondHalf = `${t.slice(
- showChar,
- t.length
- )} `;
+ let firstHalf = `${_.escape(t.slice(0, showChar))}${ellipsesText}
+ `;
+ let secondHalf = `${_.escape(t.slice(showChar, t.length))}
+ `;
+
if (t.length < showChar) return;
$(element).html(firstHalf + secondHalf);
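Review bot: The `.html(firstHalf + secondHalf)` sink on the last line stays in place, so the fix holds only while every value interpolated into the two template literals is escaped by hand; `ellipsesText` is still interpolated raw in `firstHalf`, which is safe only if it is a constant defined above the hunk (not visible here). A comment above `firstHalf` would record that invariant for the next editor, for example `// t is decoded text from .text(); escape each slice before it reaches .html()`. Slicing before calling `_.escape` is the right order, because escaping first could cut an entity in half at `showChar`. The `if (t.length < showChar) return;` guard could move above the two assignments so that short text never builds the strings; the enclosing function starts and ends outside the hunk.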