Escape error content displayed when subscribing fails (as it might contain HTML).

author: wn_ <invalid@email.com> 2025-06-17 17:59:10 +0000
committer: wn_ <invalid@email.com> 2025-06-17 17:59:10 +0000
commit: 5b0d3257337c0296eba66537b87c9143d89a160f (patch)
tree: 33117d5952ffc5fbb9a6eddda4c41dd57069c511 /js
parent: ef1f3cbcef50aecc126c4d29946407e0710ff97d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/js/CommonDialogs.js b/js/CommonDialogs.js
index dcf25a566..124c8a17d 100644
--- a/js/CommonDialogs.js
+++ b/js/CommonDialogs.js
@@ -195,7 +195,7 @@ const	CommonDialogs = {
 													}
 													break;
 												case 5:
-													dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", rc['message']));
+													dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", App.escapeHtml(rc['message'])));
 													break;
 												case 6:
 													dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message']));
author	wn_ <invalid@email.com>	2025-06-17 17:59:10 +0000
committer	wn_ <invalid@email.com>	2025-06-17 17:59:10 +0000
commit	5b0d3257337c0296eba66537b87c9143d89a160f (patch)
tree	33117d5952ffc5fbb9a6eddda4c41dd57069c511 /js
parent	ef1f3cbcef50aecc126c4d29946407e0710ff97d (diff)