From b24fac3dd88a67ca769b479638e98217dbc290c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20Unneb=C3=A4ck?=
Date: Thu, 16 Feb 2017 16:28:00 +0100
Subject: [PATCH] Use textContent to avoid manual escaping
---
 editor/js/ui/view.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/editor/js/ui/view.js b/editor/js/ui/view.js
index f94059d71..346d53509 100644
--- a/editor/js/ui/view.js
+++ b/editor/js/ui/view.js
@@ -1297,7 +1297,7 @@ RED.view = (function() {
 sp.className = className;
 sp.style.position = "absolute";
 sp.style.top = "-1000px";
- sp.innerHTML = (str||"").replace(/&/g,"&").replace(//g,">");
+ sp.textContent = (str||"");
 document.body.appendChild(sp);
 var w = sp.offsetWidth;
 document.body.removeChild(sp);
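Review bot: The new `sp.textContent = (str||"");` line carries no comment saying why the string must be assigned as text, and the span is attached to `document.body` on the very next line, so a later revert to `innerHTML` would have the string parsed as markup in the live document. I would add a one-line comment above it, for example `// Assign as text, never as HTML: str may hold user-supplied label text`; where `str` comes from is outside the hunk, so the wording should be confirmed against the caller. The parentheses left over from the removed `.replace()` chain can also go: `sp.textContent = str || "";`. The enclosing function starts and ends outside the hunk.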