From f137aa333017c747fcce7ebd1655d820d915dbcc Mon Sep 17 00:00:00 2001
From: Sarfraz Khan <sarfraz.khan@mx.com>
Date: Tue, 10 Mar 2026 10:28:22 +0530
Subject: [PATCH] resolving snyk warnign for XSS

---
 .../src/theme/ApiExplorer/Request/makeRequest.ts     | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/packages/docusaurus-theme-openapi-docs/src/theme/ApiExplorer/Request/makeRequest.ts b/packages/docusaurus-theme-openapi-docs/src/theme/ApiExplorer/Request/makeRequest.ts
index 07b2edb..91b6167 100644
--- a/packages/docusaurus-theme-openapi-docs/src/theme/ApiExplorer/Request/makeRequest.ts
+++ b/packages/docusaurus-theme-openapi-docs/src/theme/ApiExplorer/Request/makeRequest.ts
@@ -223,7 +223,7 @@ async function makeRequest(
       }
 
       if (fileExtension) {
-        return response.blob().then((blob: any) => {
+        return response.blob().then((blob: Blob) => {
           const url = window.URL.createObjectURL(blob);
 
           const link = document.createElement("a");
@@ -231,14 +231,16 @@ async function makeRequest(
           // Now the file name includes the extension
           link.setAttribute("download", `file${fileExtension}`);
 
-          // These two lines are necessary to make the link click in Firefox
-          link.style.display = "none";
-          document.body.appendChild(link);
+          // These lines are necessary to make the link click in Firefox
+          const hiddenContainer = document.createElement("div");
+          hiddenContainer.style.display = "none";
+          hiddenContainer.appendChild(link);
+          document.body.appendChild(hiddenContainer);
 
           link.click();
 
           // After link is clicked, it's safe to remove it.
-          setTimeout(() => document.body.removeChild(link), 0);
+          setTimeout(() => document.body.removeChild(hiddenContainer), 0);
 
           return response;
         });