From 167cc398ce56d2d32ce3af09a311fc919644d478 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Sat, 4 Apr 2026 12:13:05 +0100
Subject: [PATCH] Properly escape HTML entities in sampleDelim to avoid XSS
 issue (#2307)

---
 src/core/operations/OffsetChecker.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/operations/OffsetChecker.mjs b/src/core/operations/OffsetChecker.mjs
index 0f66e591..2a417e4b 100644
--- a/src/core/operations/OffsetChecker.mjs
+++ b/src/core/operations/OffsetChecker.mjs
@@ -99,7 +99,7 @@ class OffsetChecker extends Operation {
             }
         }
 
-        return outputs.join(sampleDelim);
+        return outputs.join(Utils.escapeHtml(sampleDelim));
     }
 
 }