Fix code scanning alerts (#2006)

* Fix code scanning alert no. 87: Bad HTML filtering regexp (#2001)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix code scanning alert no. 86: Bad HTML filtering regexp (#2002)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix code scanning alert no. 90: Replacement of a substring with itself (#2003)

* Fix code scanning alert no. 90: Replacement of a substring with itself

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update 15utility.js

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix code scanning alert no. 35: Incomplete string escaping or encoding (#2005)

* Fix code scanning alert no. 34: Incomplete string escaping or encoding (#2004)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix code scanning alert no. 35: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: mathiasrw

modules/xlsx/dist/xlsx.extendscript.js

@@ -21698,7 +21698,7 @@ function html_to_sheet(str, _opts) {
 	var opts = _opts || {};
 	var dense = (opts.dense != null) ? opts.dense : DENSE;
 	var ws = ({}); if(dense) ws["!data"] = [];
-	str = str.replace(/<!--.*?-->/g, "");
+	str = str.replace(/<!--[\s\S]*?-->/g, "");
 	var mtch = str.match(/<table/i);
 	if(!mtch) throw new Error("Invalid HTML: could not find <table>");
 	var mtch2 = str.match(/<\/table/i);

modules/xlsx/xlsx.mjs

@@ -21647,7 +21647,7 @@ function html_to_sheet(str/*:string*/, _opts)/*:Workbook*/ {
 	var opts = _opts || {};
 	var dense = (opts.dense != null) ? opts.dense : DENSE;
 	var ws/*:Worksheet*/ = ({}/*:any*/); if(dense) ws["!data"] = [];
-	str = str.replace(/<!--.*?-->/g, "");
+	str = str.replace(/<!--[\s\S]*?-->/g, "");
 	var mtch/*:any*/ = str.match(/<table/i);
 	if(!mtch) throw new Error("Invalid HTML: could not find <table>");
 	var mtch2/*:any*/ = str.match(/<\/table/i);

src/15utility.js

@@ -124,15 +124,14 @@ var doubleq = (utils.doubleq = function (s) {
 });
 
 /**
-  Replace sigle quote to escaped single quote
+  Replace single quote with escaped single quote
   @param {string} s Source string
   @return {string} Replaced string
 
-  @todo Chack this functions
-
-  */
+  @todo Check this function
+*/
 var doubleqq = (utils.doubleqq = function (s) {
-	return s.replace(/\'/g, "'");
+	return s.replace(/'/g, "\\'");
 });
 
 /**

test/test376.js

@@ -239,7 +239,7 @@ SELECT ASCII('ÿ'); -- 255 - Latin small letter y with diaeresis
 		tests = (/\/\*([\S\s]+)\*\//m.exec(tests) || ['', ''])[1];
 
 		tests
-			.replace('\r', '')
+			.replace(/\r/g, '')
 			.trim()
 			.split('\n')
 			.forEach(function (test) {