From ae159fb1230717e65a79a60164c18b1192265fbc Mon Sep 17 00:00:00 2001
From: Tim Hoffmann <2836374+timhoffm@users.noreply.github.com>
Date: Thu, 5 Jun 2025 12:38:39 +0200
Subject: [PATCH] Backport PR #30144: js: Fix externally-controlled format
 strings

---
 lib/matplotlib/backends/web_backend/js/mpl.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/matplotlib/backends/web_backend/js/mpl.js b/lib/matplotlib/backends/web_backend/js/mpl.js
index 2d1f383e9839..303260773a2f 100644
--- a/lib/matplotlib/backends/web_backend/js/mpl.js
+++ b/lib/matplotlib/backends/web_backend/js/mpl.js
@@ -575,7 +575,8 @@ mpl.figure.prototype._make_on_message_function = function (fig) {
             var callback = fig['handle_' + msg_type];
         } catch (e) {
             console.log(
-                "No handler for the '" + msg_type + "' message type: ",
+                "No handler for the '%s' message type: ",
+                msg_type,
                 msg
             );
             return;
@@ -583,11 +584,12 @@ mpl.figure.prototype._make_on_message_function = function (fig) {
 
         if (callback) {
             try {
-                // console.log("Handling '" + msg_type + "' message: ", msg);
+                // console.log("Handling '%s' message: ", msg_type, msg);
                 callback(fig, msg);
             } catch (e) {
                 console.log(
-                    "Exception inside the 'handler_" + msg_type + "' callback:",
+                    "Exception inside the 'handler_%s' callback:",
+                    msg_type,
                     e,
                     e.stack,
                     msg