Escaper html for innkommen eventid etter alert fra CodeQL

Author: terjeofnorway

package-lock.json

@@ -47,6 +47,7 @@
         "@reduxjs/toolkit": "2.2.7",
         "csp-header": "5.2.1",
         "dayjs": "1.11.13",
+        "escape-html": "^1.0.3",
         "fuse.js": "6.6.2",
         "html-react-parser": "5.1.16",
         "js-cookie": "3.0.5",
@@ -83,6 +84,7 @@
         "@storybook/test": "8.3.3",
         "@testing-library/jest-dom": "6.5.0",
         "@testing-library/react": "16.0.1",
+        "@types/escape-html": "^1.0.4",
         "@types/jest": "29.5.13",
         "@types/js-cookie": "3.0.6",
         "@types/lodash.debounce": "4.0.9",

package.json

@@ -1,13 +1,15 @@
 import { RequestHandler } from 'express';
 import PageCacheHandler from 'cache/page-cache-handler';
 import { logger } from 'srcCommon/logger';
+import escapeHtml from 'escape-html';
+import { escape } from 'querystring';
 
 export const handleInvalidatePathsReq: RequestHandler = (req, res) => {
-    const { eventid } = req.headers;
+    const { eventid = '' } = req.headers;
     const { paths } = req.body;
 
     if (!Array.isArray(paths)) {
-        const msg = `Invalid path array for event ${eventid}`;
+        const msg = `Invalid path array for event ${escapeHtml(eventid.toString())}`;
         logger.error(msg);
         res.status(400).send(msg);
         return;
@@ -17,7 +19,7 @@ export const handleInvalidatePathsReq: RequestHandler = (req, res) => {
 
     paths.forEach((path) => cacheHandler.delete(path));
 
-    const msg = `Received cache invalidation event for ${paths.length} paths - event id ${eventid}`;
+    const msg = `Received cache invalidation event for ${paths.length} paths - event id ${escapeHtml(eventid.toString())}`;
     logger.info(msg);
 
     res.status(200).send(msg);