checkmarx Client Potential XSS fix

After checkmarx scan, we got report about Client Potential XSS and tried to fix it

We already tried the following utility to encode content but none works

https://github.com/cure53/DOMPurify
https://github.com/ESAPI/node-esapi/
https://www.npmjs.com/package/xss-filters

The reported problem code

$(element).after("<label class='error' style='color: red;'>&nbsp;&nbsp;&nbsp;"+$ESAPI.encoder().encodeForHTML($(error).text())+"</label>");

I understand inject variable to html component should be carefully handled but I don't know how to meet checkmarx requirement.

Hope someone experienced can help

Thanks,

Solution

Solution proposed by @fgb is almost right. Checkmarx seems not like concatenation when creating HTML.

The following code might not good enough, but it pass checkmarx test

var label = $("<label class='error' style='color: red;'>");
label.text($(error).text());
$(element).after(label);

First and last sortable items don't consistently move out of the way in jQuery UI Sortable
Selecting text in an element (akin to highlighting with your mouse)
Revolution slider and strange symbol instead of arrows
Explain the jquery code, especially the toggleClass function
JSON syntax error: 'unexpected number' or 'JSON.parse: expected ',' or '}' after property value in object'
How to get the number of elements in a JSON array?
Detecting Browser Autofill
Dynamically adding cases to a switch
How to expand 'select' option width after the user wants to select an option?
disabling arrow keys in javascript while using onKeyUp
Auto resizing the SELECT element according to selected OPTION's width
Convert input language while typing in
How to make form with two buttons submit a different value for each button?
how to show a div when click on a anchor tag
Get the ready event after appending HTML code
How to select a checkbox using an attribute value? (jquery)
How can I generate the opposite color according to current color?
How to add class to td only if text in that td and other td are present
Drupal 6: replace jquery version on single page
Import an Excel file using AJAX and Laravel
get title from JSON
Specifiy the order of the validators in jQuery validate plugin
How do I synchronize the scroll position of two divs?
Save data through ajax jQuery post with form submit
Limit to jQuery id strings?
SecurityError: Blocked attempt to use history.replaceState() to change session history URL
jQuery Tabs - Unable to trap tab click
jQuery ajaxForm returning .json file
Checkbox checked not passing an actual value?
how to keep class attribute stored for Leaflet.js markers