From 252100b70448f4d2925f595e9e34067a78aef274 Mon Sep 17 00:00:00 2001
From: David Cole <dcole@rentpath.com>
Date: Fri, 19 Sep 2014 13:44:45 -0400
Subject: [PATCH] Escape returned HTML.

---
 src/main/coffeescript/view/OperationView.coffee | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/coffeescript/view/OperationView.coffee b/src/main/coffeescript/view/OperationView.coffee
index 3235230a..680fa336 100644
--- a/src/main/coffeescript/view/OperationView.coffee
+++ b/src/main/coffeescript/view/OperationView.coffee
@@ -356,7 +356,7 @@ class OperationView extends Backbone.View
       code = $('<code />').text(@formatXml(content))
       pre = $('<pre class="xml" />').append(code)
     else if contentType is "text/html"
-      code = $('<code />').html(content)
+      code = $('<code />').html(_.escape(content))
       pre = $('<pre class="xml" />').append(code)
     else if /^image\//.test(contentType)
       pre = $('<img>').attr('src',url)