authorwn_ <invalid@email.com>2025-06-17 17:59:10 +0000
committerwn_ <invalid@email.com>2025-06-17 17:59:10 +0000
commit5b0d3257337c0296eba66537b87c9143d89a160f (patch)
tree33117d5952ffc5fbb9a6eddda4c41dd57069c511
parentef1f3cbcef50aecc126c4d29946407e0710ff97d (diff)
Escape error content displayed when subscribing fails (as it might contain HTML).
-rw-r--r--classes/Feeds.php2
-rw-r--r--js/CommonDialogs.js2
2 files changed, 2 insertions, 2 deletions
diff --git a/classes/Feeds.php b/classes/Feeds.php
index 242801891..a58c42e34 100644
--- a/classes/Feeds.php
+++ b/classes/Feeds.php
@@ -1035,7 +1035,7 @@ class Feeds extends Handler_Protected {
UrlHelper::$fetch_last_error .= " (feed behind Cloudflare)";
}
- return array("code" => 5, "message" => UrlHelper::$fetch_last_error);
+ return array("code" => 5, "message" => truncate_string(UrlHelper::$fetch_last_error, 1000, '…'));
}
if (str_contains(UrlHelper::$fetch_last_content_type, "html") && self::_is_html($contents)) {
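Review bot: The changed `"code" => 5` return only bounds the length of `UrlHelper::$fetch_last_error`, so the message still leaves the server unescaped and, per the commit description, may contain HTML. The JS dialog changed in this commit escapes it, but any other consumer of this result would have to do the same; whether `truncate_string` strips tags is not visible here, since it is defined outside the hunk. I would record the contract next to the return, e.g. `// message may contain remote-supplied markup: length-limited here, must be HTML-escaped by whoever renders it`. Truncating before escaping is the right order, because cutting an already-escaped string could split an entity. The enclosing method starts and ends outside this hunk.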
diff --git a/js/CommonDialogs.js b/js/CommonDialogs.js
index dcf25a566..124c8a17d 100644
--- a/js/CommonDialogs.js
+++ b/js/CommonDialogs.js
@@ -195,7 +195,7 @@ const CommonDialogs = {
}
break;
case 5:
- dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", rc['message']));
+ dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", App.escapeHtml(rc['message'])));
break;
case 6:
dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message']));
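Review bot: Case 6 on the last line of this hunk still passes `rc['message']` to `dialog.show_error()` unescaped, which is the same pattern this commit fixes for case 5. If that message can include text derived from the fetched document (parser errors often quote their input, though the server side of case 6 is not visible here), it needs the same treatment: `dialog.show_error(__("XML validation failed: %s").replace("%s", App.escapeHtml(rc['message'])));`. The switch continues outside the hunk, so the other cases that interpolate server-supplied strings into `show_error` are worth checking as well.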