Prevent possible XSS when using jQuery (#18289)

In the case of misuse or misunderstanding from a developer whereby,
if `sel` can receive user-controlled data, jQuery `$(sel)` can lead to the
creation of a new element. Current usage is using hard-coded selectors
in the templates, but nobody prevents that from expanding to
user-controlled somehow.

web_src/js/features/repo-issue.js

@@ -28,7 +28,7 @@ export function initRepoIssueTimeTracking() {
   });
   $(document).on('click', 'button.issue-delete-time', function () {
     const sel = `.issue-delete-time-modal[data-id="${$(this).data('id')}"]`;
-    $(sel).modal({
+    $.find(sel).modal({
       duration: 200,
       onApprove() {
         $(`${sel} form`).trigger('submit');
@@ -535,7 +535,7 @@ export function initRepoIssueReferenceIssue() {
     const content = $(`#comment-${$this.data('target')}`).text();
     const poster = $this.data('poster-username');
     const reference = $this.data('reference');
-    const $modal = $($this.data('modal'));
+    const $modal = $.find($this.data('modal'));
     $modal.find('textarea[name="content"]').val(`${content}\n\n_Originally posted by @${poster} in ${reference}_`);
     $modal.modal('show');