From 0dc15a976f4f13973b8f2906500c322fc55ddbc1 Mon Sep 17 00:00:00 2001
From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date: Wed, 4 Jun 2025 20:54:21 -0400
Subject: [PATCH] js: Fix externally-controlled format strings

CodeQL is now complaining about these. This should be okay since we only
talk to ourselves, but better to be safe about it.
---
 lib/matplotlib/backends/web_backend/js/mpl.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/matplotlib/backends/web_backend/js/mpl.js b/lib/matplotlib/backends/web_backend/js/mpl.js
index 2d1f383e9839..303260773a2f 100644
--- a/lib/matplotlib/backends/web_backend/js/mpl.js
+++ b/lib/matplotlib/backends/web_backend/js/mpl.js
@@ -575,7 +575,8 @@ mpl.figure.prototype._make_on_message_function = function (fig) {
             var callback = fig['handle_' + msg_type];
         } catch (e) {
             console.log(
-                "No handler for the '" + msg_type + "' message type: ",
+                "No handler for the '%s' message type: ",
+                msg_type,
                 msg
             );
             return;
@@ -583,11 +584,12 @@ mpl.figure.prototype._make_on_message_function = function (fig) {
 
         if (callback) {
             try {
-                // console.log("Handling '" + msg_type + "' message: ", msg);
+                // console.log("Handling '%s' message: ", msg_type, msg);
                 callback(fig, msg);
             } catch (e) {
                 console.log(
-                    "Exception inside the 'handler_" + msg_type + "' callback:",
+                    "Exception inside the 'handler_%s' callback:",
+                    msg_type,
                     e,
                     e.stack,
                     msg