Properly escape html strings passed to debug

2025-03-01 10:36:34 +00:00 · 2016-11-27 21:51:34 +00:00
parent f2797a4153
commit 52fc497412
3 changed files with 27 additions and 18 deletions
--- a/nodes/core/core/lib/debug/debug-utils.js
+++ b/nodes/core/core/lib/debug/debug-utils.js
@@ -198,7 +198,7 @@ RED.debug = (function() {
        var name = sanitize(((o.name?o.name:o.id)||"").toString());
        var topic = sanitize((o.topic||"").toString());
        var property = sanitize(o.property?o.property:'');
-        var payload = sanitize((o.msg||"").toString());
+        var payload = o.msg;
        var format = sanitize((o.format||"").toString());
        msg.className = 'debug-message'+(o.level?(' debug-message-level-'+o.level):'') +
        ((sourceNode&&sourceNode.z)?((" debug-message-flow-"+sourceNode.z+((filter&&(activeWorkspace!==sourceNode.z))?" hide":""))):"");