From c71c5c4fcbc2873281a3fbd7ba2ffc9f4f10f470 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Mon, 16 Oct 2023 08:47:08 -0100
Subject: [PATCH] escape html

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 js/files/circles.files.list.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/js/files/circles.files.list.js b/js/files/circles.files.list.js
index 6733bd155..a9e4e5b2a 100644
--- a/js/files/circles.files.list.js
+++ b/js/files/circles.files.list.js
@@ -124,11 +124,20 @@
 					},
 
 					formatResult: function(circle) {
-						return circle.name;
+						return this.escapeHTML(circle.name);
 					},
 
 					formatSelection: function(circle) {
-						return circle.name;
+						return this.escapeHTML(circle.name);
+					},
+
+					escapeHTML: function (text) {
+						return text.toString()
+							.split('&').join('&amp;')
+							.split('<').join('&lt;')
+							.split('>').join('&gt;')
+							.split('"').join('&quot;')
+							.split('\'').join('&#039;');
 					},
 
 					sortResults: function(results) {