Fix for code scanning alert no. 1719: Client-side cross-site scripting (#19607)

* Fix for code scanning alert no. 1719: Client-side cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* feat: uses built-in sanitizeHtml in backoffice

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: iOvergaard

src/Umbraco.Web.UI.Client/src/packages/media/media/url/info-app/media-links-workspace-info-app.element.ts

@@ -6,7 +6,7 @@ import { UmbLitElement } from '@umbraco-cms/backoffice/lit-element';
 import { UmbRequestReloadStructureForEntityEvent } from '@umbraco-cms/backoffice/entity-action';
 import type { UMB_ACTION_EVENT_CONTEXT } from '@umbraco-cms/backoffice/action';
 import { observeMultiple } from '@umbraco-cms/backoffice/observable-api';
-import { debounce } from '@umbraco-cms/backoffice/utils';
+import { debounce, sanitizeHTML } from '@umbraco-cms/backoffice/utils';
 
 interface UmbMediaInfoViewLink {
 	url: string | undefined;
@@ -111,7 +111,7 @@ export class UmbMediaLinksWorkspaceInfoAppElement extends UmbLitElement {
 		const html = `<!doctype html>
 <body style="background-image: linear-gradient(45deg, #ccc 25%, transparent 25%), linear-gradient(135deg, #ccc 25%, transparent 25%), linear-gradient(45deg, transparent 75%, #ccc 75%), linear-gradient(135deg, transparent 75%, #ccc 75%); background-size:30px 30px; background-position:0 0, 15px 0, 15px -15px, 0px 15px;">
 	<img src="${imagePath}"/>
-	<script>history.pushState(null, null, "${window.location.href}");</script>
+	<script>history.pushState(null, null, "${sanitizeHTML(window.location.href)}");</script>
 </body>`;
 
 		popup.document.open();