Escape HTML for error messages being sent to alert

This commit is contained in:
j433866 2019-06-14 14:31:38 +01:00
parent 3cf7238106
commit e35ef8f39b

View File

@ -108,7 +108,7 @@ class App {
handleError(err, logToConsole) { handleError(err, logToConsole) {
if (logToConsole) log.error(err); if (logToConsole) log.error(err);
const msg = err.displayStr || err.toString(); const msg = err.displayStr || err.toString();
this.alert(msg, this.options.errorTimeout, !this.options.showErrors); this.alert(Utils.escapeHtml(msg), this.options.errorTimeout, !this.options.showErrors);
} }