From dde1d9b2c886388d98da793d6d74d802cf864973 Mon Sep 17 00:00:00 2001
From: Greyson Parrelli <greyson@signal.org>
Date: Mon, 25 Aug 2025 15:51:33 -0400
Subject: [PATCH] Ensure that debuglog search queries are escaped.

Thank you to Aref Alotaibi <arefalotaibi.cs@gmail.com> for discovering
and reporting this issue!
---
 .../main/java/org/signal/debuglogsviewer/DebugLogsViewer.kt    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debuglogs-viewer/lib/src/main/java/org/signal/debuglogsviewer/DebugLogsViewer.kt b/debuglogs-viewer/lib/src/main/java/org/signal/debuglogsviewer/DebugLogsViewer.kt
index ac3f8810ae..db9a66547e 100644
--- a/debuglogs-viewer/lib/src/main/java/org/signal/debuglogsviewer/DebugLogsViewer.kt
+++ b/debuglogs-viewer/lib/src/main/java/org/signal/debuglogsviewer/DebugLogsViewer.kt
@@ -88,7 +88,8 @@ object DebugLogsViewer {
 
   @JvmStatic
   fun onSearchInput(webview: WebView, query: String) {
-    webview.evaluateJavascript("onSearchInput('$query')", null)
+    val escaped = JSONObject.quote(query)
+    webview.evaluateJavascript("onSearchInput($escaped)", null)
   }
 
   @JvmStatic