Escape html chars in Inject/Debug and Info pane

2025-03-01 10:36:34 +00:00 · 2014-04-09 14:50:53 +01:00
parent 8a646f73b3
commit 10d9dee4aa
3 changed files with 5 additions and 4 deletions
--- a/nodes/core/core/58-debug.html
+++ b/nodes/core/core/58-debug.html
@@ -156,9 +156,9 @@
                    });
                    RED.view.redraw();
                };
-                var name = (o.name?o.name:o.id).toString().replace(/</g,"&lt;").replace(/>/g,"&gt;");
-                var topic = (o.topic||"").toString().replace(/</g,"&lt;").replace(/>/g,"&gt;");
-                var payload = (o.msg||"").toString().replace(/</g,"&lt;").replace(/>/g,"&gt;");
+                var name = (o.name?o.name:o.id).toString().replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;");
+                var topic = (o.topic||"").toString().replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;");
+                var payload = (o.msg||"").toString().replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;");
                msg.className = 'debug-message'+(o.level?(' debug-message-level-'+o.level):'')
                msg.innerHTML = '<span class="debug-message-date">'+getTimestamp()+'</span>'+
                                '<span class="debug-message-name">['+name+']</span>'+