diff --git a/web_src/js/features/contextpopup.js b/web_src/js/features/contextpopup.js
index a9a0ceee3..c16820cf1 100644
--- a/web_src/js/features/contextpopup.js
+++ b/web_src/js/features/contextpopup.js
@@ -1,3 +1,4 @@
+import {htmlEscape} from 'escape-goat';
 import {svg} from '../svg.js';
 const {AppSubUrl} = window.config;
@@ -31,7 +32,7 @@ function issuePopup(owner, repo, index, $element) {
 if ((red * 0.299 + green * 0.587 + blue * 0.114) > 125) {
 color = '#000000';
 }
- labels += `
${labels}
`; @@ -64,9 +65,9 @@ function issuePopup(owner, repo, index, $element) { }, html: `${issue.repository.full_name} on ${createdAt}
-${svg(octicon)} ${issue.title} #${index}
-${body}
+${htmlEscape(issue.repository.full_name)} on ${createdAt}
+${svg(octicon)} ${htmlEscape(issue.title)} #${index}
+${htmlEscape(body)}
${labels}
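Review bot: `${labels}`, `#${index}` and `${createdAt}` are still written into the `html:` template unescaped on the new side, so the popup is only safe if each of them is escaped or fixed-format before it reaches this point. `labels` is assembled in the earlier `@@ -31,7 +32,7 @@` hunk and is meant to carry markup, so every API field concatenated into it has to be escaped where it is appended; a comment above the `html:` key, `// labels is pre-built HTML: escape each field when appending to it`, would keep later edits from adding raw values. `index` is a parameter of `issuePopup` whose origin is not visible here; if it can be taken from a link rather than a parsed number, `#${htmlEscape(String(index))}` closes that gap. The template literal and the enclosing function continue past the end of the hunk.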