Queries: escape querystatus.fieldtext

Even though right now the API doesn't include any HTML code, it's a better practice to be defensive here. Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-12-20 02:38:28 +00:00 · 2025-03-27 16:41:22 +02:00
parent af26dbbbf7
commit 85ac52adfe
1 changed files with 1 additions and 1 deletions
--- a/scripts/js/queries.js
+++ b/scripts/js/queries.js
@@ -590,7 +590,7 @@ $(function () {
            " " +
            querystatus.colorClass +
            "' title='" +
-            querystatus.fieldtext +
+            utils.escapeHtml(querystatus.fieldtext) +
            "'></i>"
        );
      } else if (querystatus.colorClass !== false) {