docs: Potential fix for code scanning alert no. 794: DOM text reinterpreted as HTML (#8172)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: huguestennier

docs/themes/v2/source/js/code-tabs.js

@@ -31,6 +31,18 @@ Test 1!
 
 
 
+function escapeHTML(str) {
+  return str.replace(/[&<>"']/g, function (char) {
+    return {
+      '&': '&amp;',
+      '<': '&lt;',
+      '>': '&gt;',
+      '"': '&quot;',
+      "'": '&#39;'
+    }[char];
+  });
+}
+
 function openCodeTab(id, event) {
   const tabObj = document.querySelector(`${'#' + id}`);
   const anchorObj = document.querySelector(`${'#' + id + '-anchor'}`);
@@ -75,7 +87,7 @@ function openCodeTab(id, event) {
               'class="Heading XXSmall"' +
               'onclick="openCodeTab(\'' + id + '\', event)" ' +
               'href="#' + id + '-anchor">' +
-              name +
+              escapeHTML(name) +
             '</a>';
     })