From 19b7356e27eabd581bcd50a0c3bda42a87319528 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 12:17:06 +0000
Subject: [PATCH 1/3] Initial plan
From 8c520bcd7f919ca34eb85228b7d8b8923a541085 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 12:19:59 +0000
Subject: [PATCH 2/3] Fix XSS vulnerability by HTML-encoding before replacing delimiters
Co-authored-by: bart-vmware <104792814+bart-vmware@users.noreply.github.com>
---
 .../Views/Home/PlaceholderValues.cshtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml b/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
index 919e9e5f..e80eb0a8 100644
--- a/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
+++ b/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
@@ -15,11 +15,11 @@
 @if (Platform.IsWindows)
 {
- @Html.Raw(Model.ResolvedFromPathEnvironmentVariable?.Replace(";", "
"))
+ @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable)?.Replace(";", "
"))
 }
 else
 {
- @Html.Raw(Model.ResolvedFromPathEnvironmentVariable?.Replace(":", "
"))
+ @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable)?.Replace(":", "
"))
 }
From 74f31e71c020ff9b50b6d8299d2caf96801577b0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 12:26:36 +0000
Subject: [PATCH 3/3] Remove unnecessary null-conditional operator after Html.Encode
Co-authored-by: bart-vmware <104792814+bart-vmware@users.noreply.github.com>
---
 .../Views/Home/PlaceholderValues.cshtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml b/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
index e80eb0a8..85c9cf97 100644
--- a/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
+++ b/Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml
@@ -15,11 +15,11 @@
 @if (Platform.IsWindows)
 {
- @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable)?.Replace(";", "
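Review bot: On the Windows branch, running `Html.Encode` before `Replace(";", …)` means the replacement also hits the semicolons that terminate the entities the encoder just produced (`&amp;`, `&quot;`, `&#x…;`), so a PATH entry containing `&`, a quote or any character the encoder escapes is rendered with an unterminated entity and a spurious line break after it. As far as I can see this does not reopen the injection, because the value is still encoded, but the output is wrong and its rendering now depends on how the browser recovers from unterminated entities. Splitting on the delimiter first and encoding per segment avoids the ordering problem and removes the need for `Html.Raw`: iterate `Model.ResolvedFromPathEnvironmentVariable?.Split(';')` in a `@foreach` and emit each entry with a plain `@entry` followed by the existing break markup. The `:` branch is not affected, and the same Windows line is carried unchanged into the [PATCH 3/3] hunk.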
"))
+ @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable).Replace(";", "
"))
 }
 else
 {
- @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable)?.Replace(":", "
"))
+ @Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable).Replace(":", "
"))
 }
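Review bot: With `?.` removed, both `Replace` calls rely on `Html.Encode` never returning null, and nothing in this hunk documents that. ASP.NET Core's helper appears to return an empty string for null or empty input, but that is worth confirming for the MVC version this project targets. A short Razor comment above the `@if`, for example `@* Html.Encode returns an empty string for null input, so Replace needs no null-conditional *@`, would stop a later reader from re-adding the operator or from assuming the model value is always set. The enclosing markup starts and ends outside the hunk.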