From 7e412265495da752b2f7d42ca42dcbcadb1e624c Mon Sep 17 00:00:00 2001
From: zadam
Date: Sun, 31 Oct 2021 23:12:24 +0100
Subject: [PATCH] fix "XSS" in the new empty tab, closes #2145
---
 src/public/app/services/note_autocomplete.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/public/app/services/note_autocomplete.js b/src/public/app/services/note_autocomplete.js
index 495342ca0..e05d9ad6d 100644
--- a/src/public/app/services/note_autocomplete.js
+++ b/src/public/app/services/note_autocomplete.js
@@ -43,7 +43,7 @@ async function autocompleteSource(term, cb, options = {}) {
 action: 'create-note',
 noteTitle: term,
 parentNoteId: activeNoteId || 'root',
- highlightedNotePathTitle: `Create and link child note "${term}"`
+ highlightedNotePathTitle: `Create and link child note "${utils.escapeHtml(term)}"`
 }
 ].concat(results);
 }
@@ -53,7 +53,7 @@ async function autocompleteSource(term, cb, options = {}) {
 {
 action: 'external-link',
 externalLink: term,
- highlightedNotePathTitle: `Insert external link to "${term}"`
+ highlightedNotePathTitle: `Insert external link to "${utils.escapeHtml(term)}"`
 }
 ].concat(results);
 }
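Review bot: Nothing at the `create-note` entry records that `highlightedNotePathTitle` is treated as markup, which the commit title implies, so a later entry that interpolates `term` or another user value can silently bring the injection back; the same holds for the `external-link` entry in the second hunk. I would put a comment above the property in both places, for example `// highlightedNotePathTitle is rendered as HTML: escape every interpolated value`. The diffstat shows no import line added, so `utils` has to be imported already in note_autocomplete.js; that part of the file is outside the hunk and should be confirmed, because a missing binding would only throw when this branch runs. `autocompleteSource` starts and ends outside the hunk.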
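Review bot: In the `external-link` entry only the label is escaped, while `externalLink: term` still hands the user's raw text to whatever consumes the suggestion. HTML escaping does not restrict a URL scheme, so if that consumer writes the value into an `href` it should accept only an allow-list of schemes. The condition that selects this branch and the consumer are both outside the hunk, so this may already be handled. If it is, a comment such as `// externalLink is raw input; scheme is validated in <consumer>` would record that here.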