How to fix this issues for last two lines?
Sink: jQuery()
Enclosing Method: handleFilter()
Taint Flags: WEB, XSS
function handleFilter(panelId, textFilterId) {
var text = $('#' + textFilterId).val();
if(text === ''){
$('.removedByFilter').css('display', 'visible');
} else {
text = text.toLowerCase();
$('.removedByFilter').css('display', 'visible');
$('.' + panelId + ' .ui-treetable-data tr').removeClass('removedByFilter');
$('.' + panelId + ' .ui-treetable-data tr td label:not([title*=' + text + '])').parent().parent('tr').addClass('removedByFilter');
$('.' + panelId + ' .ui-treetable-data tr td label:not([title*=' + text + '])').parent().parent('tr').css( 'display', 'none' );
}
}
If there is any user input or data that can be inserted, to avoid DOM XSS you can use js encoder <%=Encoder.encodeForJS(Encoder.encodeForHTML(untrustedData))%>. For more information you can read https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html.
If there can be no user intervention (for the variable in question) i.e. its a system generated value or a hard-coded value then it can considered as false positive. Also, values coming DB should be checked.
I hope this answers your question.