9.27.2

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.27.0",
+  "version": "9.27.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.27.0",
+  "version": "9.27.2",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",

src/core/Utils.mjs

@@ -895,8 +895,8 @@ class Utils {
 
         while ((m = recipeRegex.exec(recipe))) {
             // Translate strings in args back to double-quotes
-            args = m[2]
-                .replace(/"/g, '\\"') // Escape double quotes // lgtm [js/incomplete-sanitization]
+            args = m[2] // lgtm [js/incomplete-sanitization]
+                .replace(/"/g, '\\"') // Escape double quotes
                 .replace(/(^|,|{|:)'/g, '$1"') // Replace opening ' with "
                 .replace(/([^\\]|(?:\\\\)+)'(,|:|}|$)/g, '$1"$2') // Replace closing ' with "
                 .replace(/\\'/g, "'"); // Unescape single quotes

src/core/operations/FuzzyMatch.mjs

@@ -6,6 +6,7 @@
 
 import Operation from "../Operation.mjs";
 import {fuzzyMatch, calcMatchRanges, DEFAULT_WEIGHTS} from "../lib/FuzzyMatch.mjs";
+import Utils from "../Utils.mjs";
 
 /**
  * Fuzzy Match operation
@@ -101,16 +102,16 @@ class FuzzyMatch extends Operation {
             const matchRanges = calcMatchRanges(idxs);
 
             matchRanges.forEach(([start, length], i) => {
-                result += input.slice(pos, start);
+                result += Utils.escapeHtml(input.slice(pos, start));
                 if (i === 0) result += `<span class="${hlClass}">`;
                 pos = start + length;
-                result += `<b>${input.slice(start, pos)}</b>`;
+                result += `<b>${Utils.escapeHtml(input.slice(start, pos))}</b>`;
             });
             result += "</span>";
             hlClass = hlClass === "hl1" ? "hl2" : "hl1";
         });
 
-        result += input.slice(pos, input.length);
+        result += Utils.escapeHtml(input.slice(pos, input.length));
 
         return result;
     }

src/web/App.mjs

@@ -725,7 +725,7 @@ class App {
         this.progress = 0;
         this.autoBake();
 
-        this.updateTitle(false, null, true);
+        this.updateTitle(true, null, true);
     }
 
 

src/web/waiters/ControlsWaiter.mjs

@@ -100,7 +100,7 @@ class ControlsWaiter {
         const includeRecipe = document.getElementById("save-link-recipe-checkbox").checked;
         const includeInput = document.getElementById("save-link-input-checkbox").checked;
         const saveLinkEl = document.getElementById("save-link");
-        const saveLink = this.generateStateUrl(includeRecipe, includeInput, recipeConfig);
+        const saveLink = this.generateStateUrl(includeRecipe, includeInput, null, recipeConfig);
 
         saveLinkEl.innerHTML = Utils.escapeHtml(Utils.truncate(saveLink, 120));
         saveLinkEl.setAttribute("href", saveLink);
@@ -128,11 +128,13 @@ class ControlsWaiter {
         includeRecipe = includeRecipe && (recipeConfig.length > 0);
 
         // If we don't get passed an input, get it from the current URI
-        if (input === null) {
+        if (input === null && includeInput) {
             const params = this.app.getURIParams();
             if (params.input) {
                 includeInput = true;
                 input = params.input;
+            } else {
+                includeInput = false;
             }
         }