Fix duplicate content loading on main page and XSS vulnerability in URL params

[Copilot]

The main page was rendering index.md content twice: once into docContainer (unconditionally) and again into indexHeading (when no URL params present).

Changes

Conditional content loading

• docContainer now only populates when ?type= or ?codes= params exist
• Main page leaves docContainer empty, rendering index.md only in indexHeading

Security fix

• Sanitize URL params before injecting into innerHTML to prevent XSS
• Restrict to [a-zA-Z0-9-] character set (sufficient for all valid problem/error code names)

// Before: Always loaded index.md, vulnerable to XSS
var doc = "./index.md";
if (urlParams.has('type')) {
    doc = "./" + urlParams.get('type') + ".md";
}
docContainer.innerHTML = "<zero-md src='" + doc + "'></zero-md>";

// After: Conditional loading with sanitization
var doc = null;
if (urlParams.has('type')) {
    var type = urlParams.get('type').replace(/[^a-zA-Z0-9-]/g, '');
    doc = "./" + type + ".md";
}
if (doc) {
    docContainer.innerHTML = "<zero-md src='" + doc + "'></zero-md>";
}

Screenshot

Before: Missing content due to duplicate loading interference

Original prompt

On the main page, I'm getting the below appearing twice. Fix it

Problems
These are the shared problems for Bunnings APIs. All problems are compliant with RFC 7807; some include extensions to the base application/problem+json media type. Refer to individual pages for schema definitions.

Problems returned in this format include a Problem Type URL that can be used to interpret the rest of the response. The URL is of the format https://problem.api.bunnings.com.au?type=, for example: https://problem.api.bunnings.com.au?type=invalidServerState.

Problem types
Refer to the links below for details:

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.