Escape returned HTML.

2014-09-19 13:44:45 -04:00
parent d9f13e9163
commit 252100b704
1 changed files with 1 additions and 1 deletions
--- a/src/main/coffeescript/view/OperationView.coffee
+++ b/src/main/coffeescript/view/OperationView.coffee
@@ -356,7 +356,7 @@ class OperationView extends Backbone.View
      code = $('<code />').text(@formatXml(content))
      pre = $('<pre class="xml" />').append(code)
    else if contentType is "text/html"
-      code = $('<code />').html(content)
+      code = $('<code />').html(_.escape(content))
      pre = $('<pre class="xml" />').append(code)
    else if /^image\//.test(contentType)
      pre = $('<img>').attr('src',url)