author | Nico Weber <thakis@chromium.org> | 2020-07-22 21:43:08 -0400 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-07-23 23:01:16 +0200 |
commit | c4d9d5cc548bb17d8ef190cfa13045562a1e9820 (patch) | |
tree | ab112ac7e2f27f41a309de378c188d28aff16ca0 /Applications/Browser | |
parent | 65ec655b0dd206426af106fae3843e59ca475e94 (diff) | |
download | serenity-c4d9d5cc548bb17d8ef190cfa13045562a1e9820.zip |
Browser: Escape JS source operators for HTML display in console
Console inputs to try before and after this patch:
- `0xffff & 0xff`
- `"a & b"`
- `"<div>"`
- `a &` (to see the escaping in the error hint)
Diffstat (limited to 'Applications/Browser')
-rw-r--r-- | Applications/Browser/ConsoleWidget.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Applications/Browser/ConsoleWidget.cpp b/Applications/Browser/ConsoleWidget.cpp
index 459043d991..c14e6183c8 100644
--- a/Applications/Browser/ConsoleWidget.cpp
+++ b/Applications/Browser/ConsoleWidget.cpp
@@ -91,7 +91,7 @@ ConsoleWidget::ConsoleWidget()
 auto error = parser.errors()[0];
 auto hint = error.source_location_hint(js_source);
 if (!hint.is_empty())
- output_html.append(String::format("<pre>%s</pre>", hint.characters()));
+ output_html.append(String::format("<pre>%s</pre>", escape_html_entities(hint).characters()));
 m_interpreter->throw_exception<JS::SyntaxError>(error.to_string());
 } else {
 m_interpreter->run(m_interpreter->global_object(),*program); |
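Review bot: Only the hint is escaped here; the `error.to_string()` thrown on the next line is passed on unescaped. If that message can carry source-derived text and the console later renders exception text as HTML, the same markup injection could remain, so the exception-printing path (outside this hunk) should be checked for an equivalent `escape_html_entities` call. Because `output_html` is assembled with `String::format`, escaping is opt-in at each append, and a short comment above the changed line would keep the next edit from dropping it: `// hint echoes user-typed source; escape before embedding in console HTML`. The constructor body starts and ends outside the hunk, so other appends to `output_html` are not visible here.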