Description of the false positive
LGTM complains of an XSS vulnerability due to including user input in a URL. However, I believe the use of encodeURIComponent should address this.
URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/google/codeworld/snapshot/8e78087205b2168e4340416885464b313cf25767/files/web/run.html?sort=name&dir=ASC&mode=heatmap#xeb91aa024ab0c6af:1
Description of the false positive
LGTM complains of an XSS vulnerability due to including user input in a URL. However, I believe the use of
encodeURIComponentshould address this.URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/google/codeworld/snapshot/8e78087205b2168e4340416885464b313cf25767/files/web/run.html?sort=name&dir=ASC&mode=heatmap#xeb91aa024ab0c6af:1