diff --git a/web_src/js/features/repo-editor.js b/web_src/js/features/repo-editor.js
index 7bf401207ad1..571fed9d2738 100644
--- a/web_src/js/features/repo-editor.js
+++ b/web_src/js/features/repo-editor.js
@@ -1,3 +1,4 @@
+import {htmlEscape} from 'escape-goat';
 import {initMarkupContent} from '../markup/content.js';
 import {createCodeEditor} from './codeeditor.js';
@@ -109,7 +110,7 @@ export function initRepoEditor() {
 value = parts[i];
 if (i < parts.length - 1) {
 if (value.length) {
- $(`${value}`).insertBefore($(this));
+ $(`${htmlEscape(value)}`).insertBefore($(this));
 $('
/
').insertBefore($(this));
 }
 } else {
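Review bot: The path segment in the `if (value.length)` branch is still turned into DOM by parsing a template string, so the fix holds only as long as every value interpolated into that template is escaped by hand. Setting the text through the DOM API removes that dependency: build the wrapper from a constant string and assign the segment on the element that holds it with `.text(value)`, for example `$(SEGMENT_MARKUP).text(value).insertBefore($(this));`, where `SEGMENT_MARKUP` is a placeholder for the constant wrapper markup, which is not legible in this rendering. If the template form stays, a one-line comment such as `// escape: value is interpolated into markup that $() parses as HTML` would keep the reason for `htmlEscape` visible to the next editor. `initRepoEditor` begins and ends outside the hunk, so any other place where `value` or `parts` reaches an HTML string cannot be checked from here.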