From 6d3ca3f56cf2675500cebc3f542d2c06a0cba646 Mon Sep 17 00:00:00 2001
From: Brunon Blok <43315279+brun0ne@users.noreply.github.com>
Date: Thu, 6 Apr 2023 23:31:45 +0000
Subject: [PATCH] fix xss in addOperation

---
 src/web/waiters/RecipeWaiter.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/web/waiters/RecipeWaiter.mjs b/src/web/waiters/RecipeWaiter.mjs
index 42e763b04..2722a9c2f 100755
--- a/src/web/waiters/RecipeWaiter.mjs
+++ b/src/web/waiters/RecipeWaiter.mjs
@@ -396,7 +396,7 @@ class RecipeWaiter {
         const item = document.createElement("li");
 
         item.classList.add("operation");
-        item.innerHTML = name;
+        item.innerHTML = Utils.escapeHtml(name);
         this.buildRecipeOperation(item);
         document.getElementById("rec-list").appendChild(item);