From 5b0d3257337c0296eba66537b87c9143d89a160f Mon Sep 17 00:00:00 2001
From: wn_ <invalid@email.com>
Date: Tue, 17 Jun 2025 17:59:10 +0000
Subject: Escape error content displayed when subscribing fails (as it might
 contain HTML).

---
 js/CommonDialogs.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'js')

diff --git a/js/CommonDialogs.js b/js/CommonDialogs.js
index dcf25a566..124c8a17d 100644
--- a/js/CommonDialogs.js
+++ b/js/CommonDialogs.js
@@ -195,7 +195,7 @@ const	CommonDialogs = {
 													}
 													break;
 												case 5:
-													dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", rc['message']));
+													dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", App.escapeHtml(rc['message'])));
 													break;
 												case 6:
 													dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message']));
-- 
cgit v1.2.3-54-g00ecf