2 files changed, 12 insertions, 12 deletions

diff --git a/Userland/Applications/Browser/BrowserConsoleClient.cpp b/Userland/Applications/Browser/BrowserConsoleClient.cpp
index e1680f2608..e721553fca 100644
--- a/Userland/Applications/Browser/BrowserConsoleClient.cpp
+++ b/Userland/Applications/Browser/BrowserConsoleClient.cpp
@@ -37,7 +37,7 @@ namespace Browser {
 
 JS::Value BrowserConsoleClient::log()
 {
-    m_console_widget.print_html(vm().join_arguments());
+    m_console_widget.print_html(escape_html_entities(vm().join_arguments()));
     return JS::js_undefined();
 }
 
@@ -46,7 +46,7 @@ JS::Value BrowserConsoleClient::info()
     StringBuilder html;
     html.append("<span class=\"info\">");
     html.append("(i) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     m_console_widget.print_html(html.string_view());
     return JS::js_undefined();
@@ -57,7 +57,7 @@ JS::Value BrowserConsoleClient::debug()
     StringBuilder html;
     html.append("<span class=\"debug\">");
     html.append("(d) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     m_console_widget.print_html(html.string_view());
     return JS::js_undefined();
@@ -68,7 +68,7 @@ JS::Value BrowserConsoleClient::warn()
     StringBuilder html;
     html.append("<span class=\"warn\">");
     html.append("(w) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     m_console_widget.print_html(html.string_view());
     return JS::js_undefined();
@@ -79,7 +79,7 @@ JS::Value BrowserConsoleClient::error()
     StringBuilder html;
     html.append("<span class=\"error\">");
     html.append("(e) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     m_console_widget.print_html(html.string_view());
     return JS::js_undefined();
@@ -94,7 +94,7 @@ JS::Value BrowserConsoleClient::clear()
 JS::Value BrowserConsoleClient::trace()
 {
     StringBuilder html;
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     auto trace = get_trace();
     for (auto& function_name : trace) {
         if (function_name.is_empty())
diff --git a/Userland/Services/WebContent/WebContentConsoleClient.cpp b/Userland/Services/WebContent/WebContentConsoleClient.cpp
index f8916fd3b3..e766cdfacf 100644
--- a/Userland/Services/WebContent/WebContentConsoleClient.cpp
+++ b/Userland/Services/WebContent/WebContentConsoleClient.cpp
@@ -81,7 +81,7 @@ void WebContentConsoleClient::clear_output()
 
 JS::Value WebContentConsoleClient::log()
 {
-    print_html(vm().join_arguments());
+    print_html(escape_html_entities(vm().join_arguments()));
     return JS::js_undefined();
 }
 
@@ -90,7 +90,7 @@ JS::Value WebContentConsoleClient::info()
     StringBuilder html;
     html.append("<span class=\"info\">");
     html.append("(i) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     print_html(html.string_view());
     return JS::js_undefined();
@@ -101,7 +101,7 @@ JS::Value WebContentConsoleClient::debug()
     StringBuilder html;
     html.append("<span class=\"debug\">");
     html.append("(d) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     print_html(html.string_view());
     return JS::js_undefined();
@@ -112,7 +112,7 @@ JS::Value WebContentConsoleClient::warn()
     StringBuilder html;
     html.append("<span class=\"warn\">");
     html.append("(w) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     print_html(html.string_view());
     return JS::js_undefined();
@@ -123,7 +123,7 @@ JS::Value WebContentConsoleClient::error()
     StringBuilder html;
     html.append("<span class=\"error\">");
     html.append("(e) ");
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     html.append("</span>");
     print_html(html.string_view());
     return JS::js_undefined();
@@ -138,7 +138,7 @@ JS::Value WebContentConsoleClient::clear()
 JS::Value WebContentConsoleClient::trace()
 {
     StringBuilder html;
-    html.append(vm().join_arguments());
+    html.append(escape_html_entities(vm().join_arguments()));
     auto trace = get_trace();
     for (auto& function_name : trace) {
         if (function_name.is_empty())