From 89356918f1fd59a49f139b257246a52b33db28bc Mon Sep 17 00:00:00 2001
From: zadam <adam.zivner@gmail.com>
Date: Wed, 24 Jun 2020 21:07:55 +0200
Subject: [PATCH] fix unescaped HTML in the tree node title, closes #1127

---
 src/public/app/services/utils.js    | 13 ++++++++++++-
 src/public/app/widgets/note_tree.js |  3 ++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/public/app/services/utils.js b/src/public/app/services/utils.js
index 18f8c3801..434c50f6e 100644
--- a/src/public/app/services/utils.js
+++ b/src/public/app/services/utils.js
@@ -64,8 +64,19 @@ function assertArguments() {
     }
 }
 
+const entityMap = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;',
+    '/': '&#x2F;',
+    '`': '&#x60;',
+    '=': '&#x3D;'
+};
+
 function escapeHtml(str) {
-    return $('<div/>').text(str).html();
+    return str.replace(/[&<>"'`=\/]/g, s => entityMap[s]);
 }
 
 async function stopWatch(what, func) {
diff --git a/src/public/app/widgets/note_tree.js b/src/public/app/widgets/note_tree.js
index df07f6b12..6499634eb 100644
--- a/src/public/app/widgets/note_tree.js
+++ b/src/public/app/widgets/note_tree.js
@@ -862,13 +862,14 @@ export default class NoteTreeWidget extends TabAwareWidget {
         const branch = treeCache.getBranch(node.data.branchId);
 
         const isFolder = this.isFolder(note);
+        const title = (branch.prefix ? (branch.prefix + " - ") : "") + note.title;
 
         node.data.isProtected = note.isProtected;
         node.data.noteType = note.type;
         node.folder = isFolder;
         node.icon = this.getIcon(note, isFolder);
         node.extraClasses = this.getExtraClasses(note);
-        node.title = (branch.prefix ? (branch.prefix + " - ") : "") + note.title;
+        node.title = utils.escapeHtml(title);
 
         if (node.isExpanded() !== branch.isExpanded) {
             node.setExpanded(branch.isExpanded, {noEvents: true});