Add sanitization on selector string of search form

src/power_grid_model_ds/_core/model/grids/base.py

@@ -149,6 +149,10 @@ def empty(cls: Type[G], graph_model: type[BaseGraphModel] = RustworkxGraphModel)
     def from_cache(cls: Type[Self], cache_path: Path, load_graphs: bool = True) -> Self:
         """Read from cache and build .graphs from arrays
 
+        WARNING: This function uses pickle.load() which can execute arbitrary code.
+        Only load pickle files from trusted sources. Never load pickle files from
+        untrusted or unauthenticated sources as this could lead to arbitrary code execution.
+
         Args:
             cache_path (Path): The path to the cache
             load_graphs (bool, optional): Whether to load the graphs. Defaults to True.

src/power_grid_model_ds/_core/visualizer/callbacks/search_form.py

@@ -22,6 +22,8 @@ def search_element(group: str, column: str, operator: str, value: str, styleshee
     if not group or not column or not value:
         raise PreventUpdate
 
+    sanitized_value = str(value).strip().replace("\\", "\\\\").replace('"', '\\"')
+
     # Determine if we're working with a node or an edge type
     if group == "node":
         style = {
@@ -32,9 +34,9 @@ def search_element(group: str, column: str, operator: str, value: str, styleshee
         style = {"line-color": CYTO_COLORS["highlighted"], "target-arrow-color": CYTO_COLORS["highlighted"]}
 
     if column == "id":
-        selector = f'[{column} {operator} "{value}"]'
+        selector = f'[{column} {operator} "{sanitized_value}"]'
     else:
-        selector = f"[{column} {operator} {value}]"
+        selector = f"[{column} {operator} {sanitized_value}]"
 
     new_style = {
         "selector": selector,