From 846c8edc2821e3eed9e52b1e2f0336d7104d0e21 Mon Sep 17 00:00:00 2001
From: Chris Banks <chris.banks@digital.cabinet-office.gov.uk>
Date: Tue, 26 Mar 2024 09:13:20 +0000
Subject: [PATCH] Fix incomplete regex escape function.

Use the regex from the TC39 [regex escaping
proposal](https://github.com/tc39/proposal-regex-escaping) instead of
our own, which didn't handle backslashes properly.

The code taken from the proposal is public domain (CC0 1.0 declaration),
so the attribution link is simply for maintainability rather than legal
reasons.

Fixes
https://github.com/alphagov/content-tagger/security/code-scanning/1.
---
 app/assets/javascripts/filter-table.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/filter-table.js b/app/assets/javascripts/filter-table.js
index e24a41e19..6582c738c 100644
--- a/app/assets/javascripts/filter-table.js
+++ b/app/assets/javascripts/filter-table.js
@@ -50,11 +50,9 @@
         GOVUKAdmin.redirect(link.attr('href'))
       }
 
-      // http://stackoverflow.com/questions/3446170/escape-string-for-use-in-javascript-regex
-      // https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/regexp
-      // Escape ~!@#$%^&*(){}[]`/=?+\|-_;:'",<.>
       function escapeStringForRegexp (str) {
-        return str.replace(/[-[\]/{}()*+?.^$|]/g, '\\$&')
+        // https://github.com/tc39/proposal-regex-escaping
+        return str.replace(/[\\^$*+?.()|[\]{}]/g, '\\$&')
       }
     }
   }