Describe the bug

In multi-page HTML builds of Sphinx projects that have search functionality enabled and use the default searchtools.js implementation, a user search query (either input manually, or as a result of clicking on a hyperlink to the documentation) for the term __proto__ may produce an error in the user's browser.

Although I don't believe that this is realistically exploitable as a security vulnerability in the client-side code deployed in Sphinx HTML projects, it is a query (a form of user-controlled input) that produces an error at runtime.

How to Reproduce

The problem can be replicated in a minimal Sphinx project containing an empty conf.py file and an empty index.rst file.

Assuming that those two files have been placed in a poc directory, run the following command to build the project:

$ sphinx-build -b html poc _build

...and then serve it on a local webserver:

$ python -m http.server -b 127.0.0.1 -d _build

You should subsequently be able to replicate the error by opening the URL: http://127.0.0.1:8000/search.html?q=__proto__

The error that appears in Firefox's JavaScript developer console is:

Uncaught (in promise) TypeError: Node.appendChild: Argument 1 is not an object.

Environment Information

Platform:              linux; (Linux-6.11.4-rt-amd64-x86_64-with-glibc2.40)
Python version:        3.12.7 (main, Oct  3 2024, 15:15:22) [GCC 14.2.0])
Python implementation: CPython
Sphinx version:        8.2.0+/2137d0d2e
Docutils version:      0.21.2
Jinja2 version:        3.1.4
Pygments version:      2.18.0

Sphinx extensions

N/A

Additional context

I plan to offer a pull request to resolve this problem alongside this bug report.