
Fix code scanning alert no. 86: Client-side cross-site scripting #1769

Merged: mergify[bot] merged 1 commit into main from alert-autofix-86 on Oct 20, 2024

Conversation

@robfrank (Collaborator)

Fixes https://github.com/ArcadeData/arcadedb/security/code-scanning/86

To fix the cross-site scripting vulnerability, we need to ensure that any user-provided data is properly sanitized before being inserted into the HTML. The best way to fix this issue is to use a function that escapes HTML special characters, preventing the execution of any embedded scripts.

  • General Fix: Use a function to escape HTML special characters before inserting user-provided data into the HTML.
  • Detailed Fix: Modify the line that appends the option element to use a sanitized version of limitPar.
  • Files/Regions/Lines to Change: Modify line 372 in studio/src/main/resources/static/query.html.
  • Needed: Ensure the escapeHtml function is available and used correctly.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
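The escaping pattern the description above recommends, shown as an added example that is not ArcadeDB's code. The page does not show the contents of query.html line 372, so the `limit` query parameter, the `limitPar` variable, the `<option>` markup and the `escapeHtml` implementation below are all assumptions made for illustration. The "before" function keeps the vulnerable concatenation; the "after" function is the same markup with every interpolation escaped, and `tagCount` shows the difference: the payload adds element tags to the unsafe output and none to the safe one.

```javascript
// Added example, not ArcadeDB's code. The real query.html line is not shown on
// this page; the "limit" query parameter, the limitPar variable and the
// <option> markup below are assumptions used to illustrate the fix pattern.

// Escape the five characters that can break out of element text or a
// double-quoted attribute value. Order matters: "&" must be replaced first,
// or the entities introduced by the later replacements would be re-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// "Before": the parameter is concatenated into markup as-is, so a value
// containing '">' closes the attribute and injects arbitrary elements.
function buildOptionUnsafe(limitPar) {
  return '<option value="' + limitPar + '">' + limitPar + '</option>';
}

// "After": the same markup, but every interpolation goes through escapeHtml.
function buildOptionSafe(limitPar) {
  const safe = escapeHtml(limitPar);
  return '<option value="' + safe + '">' + safe + '</option>';
}

// Pulls the parameter out of a page URL. In the browser this would come from
// document.location; the URL is passed in here so the example runs in Node.
function limitFromUrl(pageUrl) {
  return new URL(pageUrl).searchParams.get("limit");
}

// Counts element tags in a markup string. The safe output should contain only
// the <option> and </option> that the template itself produced.
function tagCount(html) {
  return (html.match(/<[a-zA-Z/][^>]*>/g) || []).length;
}

// Constructed sample: a page URL whose limit parameter carries an XSS payload.
const SAMPLE_URL =
  "https://studio.example/query.html?limit=" +
  encodeURIComponent('"><img src=x onerror=alert(1)>');

function demo() {
  const limitPar = limitFromUrl(SAMPLE_URL);
  return {
    unsafe: buildOptionUnsafe(limitPar), // 4 tags: the injected <img> appears twice
    safe: buildOptionSafe(limitPar),     // 2 tags: the payload is rendered as text
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const out = demo();
  console.log("unsafe:", out.unsafe);
  console.log("safe:  ", out.safe);
}
```

Two caveats a reviewer would raise on this kind of fix: `escapeHtml` is only correct for HTML element content and quoted attribute values, not for data landing inside a `<script>` block, an event handler or a URL, each of which needs its own encoding; and in the browser the simpler hardening is to skip markup strings altogether and build the element with DOM APIs (`document.createElement("option")` with `.value` and `.textContent` set from `limitPar`), so the user-controlled value is never parsed as HTML at all. The test also checks that escaping an already-escaped string double-encodes it, which is why the escape must happen exactly once, at the point of insertion.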
@robfrank robfrank requested a review from lvca October 19, 2024 15:34
@robfrank robfrank added the enhancement New feature or request label Oct 19, 2024
@robfrank robfrank added this to the 24.11.1 milestone Oct 19, 2024
@robfrank robfrank marked this pull request as ready for review October 19, 2024 15:48
@codacy-production
Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation: +0.00%    Diff coverage: ∅ (not applicable)

Coverage variation details
Commit                              Coverable lines   Covered lines   Coverage
Common ancestor commit (b69eb48)    65144             0               0.00%
Head commit (74bbccd)               65144 (+0)        0 (+0)          0.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Pull request                        Coverable lines   Covered lines   Diff coverage
Pull request (#1769)                0                 0               ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


@mergify mergify bot merged commit d7192ba into main Oct 20, 2024
@robfrank robfrank deleted the alert-autofix-86 branch June 20, 2025 07:41