Merge pull request #589 from davidcole/escape_returned_html

Escape returned HTML
2014-09-20 13:45:20 -07:00
parent 35aac47df3 252100b704
commit b9d6f388e9
1 changed files with 1 additions and 1 deletions
--- a/src/main/coffeescript/view/OperationView.coffee
+++ b/src/main/coffeescript/view/OperationView.coffee
@@ -356,7 +356,7 @@ class OperationView extends Backbone.View
      code = $('<code />').text(@formatXml(content))
      pre = $('<pre class="xml" />').append(code)
    else if contentType is "text/html"
-      code = $('<code />').html(content)
+      code = $('<code />').html(_.escape(content))
      pre = $('<pre class="xml" />').append(code)
    else if /^image\//.test(contentType)
      pre = $('<img>').attr('src',url)