From e28809ff8584ae8e60bda6491c3770b04cce23c9 Mon Sep 17 00:00:00 2001
From: nod_ <nod_@598310.no-reply.drupal.org>
Date: Thu, 4 Apr 2024 22:30:45 +0200
Subject: [PATCH] Issue #3426514 by magaki, Tom Konda, longwave:
 Drupal.theme.progressBar() does not escape output correctly

(cherry picked from commit 1c9e2cff5c7de50218a021dee6d475e6fe390db8)
---
 core/misc/progress.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/misc/progress.js b/core/misc/progress.js
index bbf70365e1c3..a38285e27abf 100644
--- a/core/misc/progress.js
+++ b/core/misc/progress.js
@@ -14,8 +14,9 @@
    *   The HTML for the progress bar.
    */
   Drupal.theme.progressBar = function (id) {
+    const escapedId = Drupal.checkPlain(id);
     return (
-      `<div id="${id}" class="progress" aria-live="polite">` +
+      `<div id="${escapedId}" class="progress" aria-live="polite">` +
       '<div class="progress__label">&nbsp;</div>' +
       '<div class="progress__track"><div class="progress__bar"></div></div>' +
       '<div class="progress__percentage"></div>' +
-- 
GitLab