456d9958e98e87dcd02185876ad245964ffefa2a chmalee Wed Feb 4 12:26:45 2026 -0800 faceted bar charts include their own jquery lib for some reason and when we strip script tags to do hgc popups we didn't catch this one, refs #37014
diff --git src/hg/js/utils.js src/hg/js/utils.js
index 26aa223a5ec..68081cabcb6 100644
--- src/hg/js/utils.js
+++ src/hg/js/utils.js
@@ -1851,31 +1851,32 @@ // OLD WAY var warnMsg = bindings.insideOut('<P>','</P>',cleanHtml,bounds.start,bounds.stop); var warnMsg = cleanHtml.slice(bounds.start+begToken.length,bounds.stop-endToken.length); if (warnMsg.length > 0) { warn(warnMsg); if (whatWeDid) whatWeDid.warnMsg = warnMsg; } cleanHtml = cleanHtml.slice(0,bounds.start) + cleanHtml.slice(bounds.stop); } return cleanHtml; } function stripJsFiles(returnedHtml, debug, whatWeDid) { // strips javascript files from html returned by ajax var cleanHtml = returnedHtml;
- var shlurpPattern=/<script type=\'text\/javascript\' SRC\=\'.*\'\><\/script\>/gi;
+ // Match script tags with src attribute - handles single/double quotes, with/without type attr
+ var shlurpPattern=/<script[^>]*\ssrc\s*=\s*(['"])[^'"]*\1[^>]*>\s*<\/script>/gi;
 if (debug || whatWeDid) { var jsFiles = cleanHtml.match(shlurpPattern); if (jsFiles && jsFiles.length > 0) { if (debug) alert("jsFiles:'"+jsFiles+"'\n---------------\n"+cleanHtml); // warn() interprets html if (whatWeDid) whatWeDid.jsFiles = jsFiles; } } cleanHtml = cleanHtml.replace(shlurpPattern,""); return cleanHtml; } function stripCspHeader(html, debug, whatWeDid)
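Review bot: The new `shlurpPattern` in `stripJsFiles` still leaves some external script tags in the returned HTML: an unquoted `src=lib.js`, a closing tag written `</script >`, and a `src` tag with any non-whitespace body all fall outside the match. Because the commit message describes exactly this kind of miss, I would widen the value and end-tag parts, e.g. `var shlurpPattern=/<script\b[^>]*\ssrc\s*=\s*(?:(['"])[^'"]*\1|[^\s>'"]+)[^>]*>\s*<\/script\s*>/gi;`, and extend the comment to `// Match script tags with a src attribute (quoted or unquoted value, any other attributes); does not match inline scripts`. The hunk does not show how callers insert the result, but if this string is later written into the page as HTML, the regex should be treated as duplicate-load hygiene rather than a sanitizer. Parsing the fragment and removing `script[src]` elements would be the more reliable long-term form.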