When attempting to exploit Cacti using alert, unexpected errors can be seen

[YongBoLiu]

Describe the bug

A clear and concise description of what the bug is.
Input the string <script>alert('test CVE');</script> into search filter of Console->Site, Console->Data Queries page. Click the Go button. The main table of screen become blank. And get the JS errors below,

Uncaught Error: Syntax error, unrecognized expression: a[href^='data_queries.php?header=false&filter=<script>alert('test CVE');</script>&rows=-1']
at Function.Sizzle.error (VM2293 jquery.js:1541)
at Sizzle.tokenize (VM2293 jquery.js:2193)
at Function.Sizzle [as find] (VM2293 jquery.js:815)
at jQuery.fn.init.find (VM2293 jquery.js:2873)
at Object. (layout.js?ea97ab27c1fd2763359bda63736742d9:1980)
at fire (VM2293 jquery.js:3268)
at Object.fireWith [as resolveWith] (VM2293 jquery.js:3398)
at done (VM2293 jquery.js:9305)
at XMLHttpRequest. (VM2293 jquery.js:9548)

To Reproduce

Steps to reproduce the behavior:

1. Go to Console->Data Queries page. Input the string <script>alert('test CVE');</script> into search filter.

2. Click the Go button

3. Check the screen.

4. See console of Firefox , see the JS error

Expected behavior

A clear and concise description of what you expected to happen.
No blank screen, and no JS errors.

Screenshots

If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information)

• OS: [e.g. iOS]

• Browser [e.g. chrome, safari]

• Version [e.g. 22]

Smartphone (please complete the following information)

• Device: [e.g. iPhone6]

• OS: [e.g. iOS8.1]

• Browser [e.g. stock browser, safari]
  Firefox68.6 64bit

• Version [e.g. 22]

Additional context

Add any other context about the problem here.
It's happens in cacti 1.2.10

[TheWitness]

@YongBoLiu, I decided to take a slightly different approach.

[YongBoLiu]

@TheWitness , it's better. And I think the cause is, the char ' is used in the code a[href^=' . So, just the "'": '&#39;', is also ok.