From fd24079fb9f963ef3509720b56d8a477b1a771b8 Mon Sep 17 00:00:00 2001 From: Mike Levin Date: Sat, 9 May 2026 19:28:11 -0400 Subject: [PATCH] Fixing displaying html --- pipulate/core.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pipulate/core.py b/pipulate/core.py index 098da919..091e985b 100644 --- a/pipulate/core.py +++ b/pipulate/core.py @@ -3,6 +3,7 @@ from pathlib import Path import functools import json +import html import os import re from dotenv import load_dotenv, set_key @@ -3095,13 +3096,15 @@ def copy_button(self, text_to_copy: str, label: str = "Copy Markdown"): # Grab the exact same SVG used in the Chat UI clipboard_svg = CFG.SVG_ICONS.get('CLIPBOARD', '📋') - # Safely escape the text for injection into a JS function - escaped_text = json.dumps(text_to_copy) + # Safely escape the text for JS, and then escape the JS for HTML attribute injection + safe_js_string = json.dumps(text_to_copy) + safe_html_attr = html.escape(safe_js_string) # The HTML payload includes inline JS to trigger the browser's native clipboard API + # Notice we swapped to double-quotes for the onclick attribute to wrap the escaped entities html_payload = f"""
-