Description of the false positive
It seems as encodeURIComponent in the encodeURIComponent(window.location.href) should have prevented this to appear as part of the client-side cross-site scripting.
URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/web2py/web2py/snapshot/dd7f4f5e26da1a13de3b7dfe3a1847b3bbe40812/files/applications/admin/static/js/share.js?sort=name&dir=ASC&mode=heatmap#xa529f548552a385f:1
Description of the false positive
It seems as
encodeURIComponentin theencodeURIComponent(window.location.href)should have prevented this to appear as part of the client-side cross-site scripting.URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/web2py/web2py/snapshot/dd7f4f5e26da1a13de3b7dfe3a1847b3bbe40812/files/applications/admin/static/js/share.js?sort=name&dir=ASC&mode=heatmap#xa529f548552a385f:1