From 8bf43ae005178a415b4ce4802a8af8fbac8fef12 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:34 +0900
Subject: [PATCH] Fix code scanning alert no. 12: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..156bf7b 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -310,7 +310,7 @@ def get_resource(resource_id: str):
 try:
 resource = entities_manager.get_resource(resource_id)
 if resource is None:
- return Response(response=f"Resource with resource_id {resource_id} not found.", status=404)
+ return Response(response=f"Resource with resource_id {html.escape(resource_id)} not found.", status=404)
 else:
 return Response(response=json.dumps(resource.to_item()), status=200)
 except Exception as e:
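Review bot: The new 404 line calls `html.escape(resource_id)`, but the diffstat shows this commit changes only that one line, so it adds no `import html`. Unless app.py already imports the module, the not-found path raises NameError and drops into the `except Exception as e:` handler, whose body is outside the hunk; confirm the import is present or add `import html` to the file's import block. Separately, the 404 `Response` sets no content type, while the 200 branch returns JSON. If this is Flask's `Response`, passing `mimetype="text/plain"` on the 404 (or returning a JSON error body) keeps the browser from treating the reflected id as markup even where an escape is missed. get_resource starts and ends outside the hunk, so other places that echo `resource_id` or the exception text could not be checked here.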