escape HTML chars

Valmontechno · Valmontechno · commit cafec25b38b0 · 2025-08-21T12:24:39.000+02:00
diff --git a/addon-api/content-script/blocks.js b/addon-api/content-script/blocks.js
@@ -152,7 +152,7 @@ const generateBlockXML = () => {
         ` argumentdefaults="${escapeHTML(JSON.stringify(defaults))}"` +
         "></mutation></block>";
     } else {
-      xml += `<block type="${blockData.type}"><field name="VALUE">${blockData.id}</field></block>`;
+      xml += `<block type="${escapeHTML(blockData.type)}"><field name="VALUE">${escapeHTML(blockData.id)}</field></block>`;
     }
   }
   if (xml.length === 0) {

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ const generateBlockXML = () => {`
`152`	`152`	` argumentdefaults="${escapeHTML(JSON.stringify(defaults))}"` +
`153`	`153`	`"></mutation></block>";`
`154`	`154`	`} else {`
`155`		- xml += `<block type="${blockData.type}"><field name="VALUE">${blockData.id}</field></block>`;
	`155`	+ xml += `<block type="${escapeHTML(blockData.type)}"><field name="VALUE">${escapeHTML(blockData.id)}</field></block>`;
`156`	`156`	`}`
`157`	`157`	`}`
`158`	`158`	`if (xml.length === 0) {`