From 926add49f2f2a3db3ad5e0c684fc1e371169e960 Mon Sep 17 00:00:00 2001
From: Patrizio Bekerle <patrizio.bekerle@tugraz.at>
Date: Tue, 25 Feb 2020 11:31:29 +0100
Subject: [PATCH] Escape error messages after stripping html tags

---
 packages/common/error.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/common/error.js b/packages/common/error.js
index 786cc72f..7ffd56ae 100644
--- a/packages/common/error.js
+++ b/packages/common/error.js
@@ -35,7 +35,7 @@ export const handleXhrError = (jqXHR, textStatus, errorThrown, icon = "sad") =>
 
     notify({
         "summary": i18n.t('error.summary'),
-        "body": stripHTML(body),
+        "body": escapeHTML(stripHTML(body)),
         "icon": icon,
         "type": "danger",
     });
@@ -84,7 +84,7 @@ export const handleFetchError = async (error, summary = "", icon = "sad") => {
 
     notify({
         "summary": summary === "" ? i18n.t('error.summary') : summary,
-        "body": stripHTML(body),
+        "body": escapeHTML(stripHTML(body)),
         "icon": icon,
         "type": "danger",
     });
-- 
GitLab