fix: css selector string escaping vulnerability (#888)

Resolves #888

Author: cotes2020

_javascript/utils/smooth-scroll.js

@@ -28,7 +28,7 @@ $(function () {
             const hash = decodeURI(this.hash);
             let toFootnoteRef = RegExp(/^#fnref:/).test(hash);
             let toFootnote = toFootnoteRef ? false : RegExp(/^#fn:/).test(hash);
-            let selector = hash.includes(":") ? hash.replace(/:/g, "\\:") : hash;
+            let selector = '#' + $.escapeSelector(hash.substring(1));
             let $target = $(selector);
 
             let isMobileViews = $topbarTitle.is(":visible");