escape html for external strings

2024-10-08 20:46:12 +02:00
parent 9f0c460161
commit 0c41d48963
2 changed files with 3 additions and 11 deletions
--- a/src/tools/icon-utils.ts
+++ b/src/tools/icon-utils.ts
@@ -7,6 +7,7 @@ import {
  isFileExcalidraw,
  warnDebug,
 } from './utils'
+import { escapeHTML } from './text-processing'

 export interface IconPacks {
  prefixToIconPack: { [prefix: string]: string }
@@ -133,7 +134,7 @@ export async function loadIconSVG(

  if (!prefix) {
    // No prefix, assume it's an emoji or text
-    return `<span class="omnisearch-result__icon--emoji">${name}</span>`
+    return `<span class="omnisearch-result__icon--emoji">${escapeHTML(name)}</span>`
  }

  const iconPackName = prefixToIconPack[prefix]