From 3ad4aa2196eb5eeeac175f3361b268e3f3cc3170 Mon Sep 17 00:00:00 2001
From: RaidMax <raidmax@live.com>
Date: Mon, 25 Apr 2022 10:43:16 -0500
Subject: [PATCH] escape html characters in web console output

---
 WebfrontCore/wwwroot/js/console.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/WebfrontCore/wwwroot/js/console.js b/WebfrontCore/wwwroot/js/console.js
index 90e6a84fa..65cea1f82 100644
--- a/WebfrontCore/wwwroot/js/console.js
+++ b/WebfrontCore/wwwroot/js/console.js
@@ -13,7 +13,7 @@
             
             hideLoader();
             response.map(r => r.response).forEach(item => {
-                $('#console_command_response').append(`<div>${item}</div>`);
+                $('#console_command_response').append(`<div>${escapeHtml(item)}</div>`);
             })
             
             $('#console_command_response').append('<hr/>')
@@ -26,7 +26,7 @@
             
             if (response.status < 500) {
                 response.responseJSON.map(r => r.response).forEach(item => {
-                    $('#console_command_response').append(`<div class="text-danger">${item}</div>`);
+                    $('#console_command_response').append(`<div class="text-danger">${escapeHtml(item)}</div>`);
                 })
             } else {
                 $('#console_command_response').append(`<div class="text-danger">Could not execute command...</div>`);