From deaf23d91013c6e1d0df31639a623444d6405e8b Mon Sep 17 00:00:00 2001
From: Marat Fayzullin <luarvique@gmail.com>
Date: Wed, 11 Oct 2023 21:54:08 -0400
Subject: [PATCH] Escaping HTML in avionics messages.

---
 htdocs/lib/MessagePanel.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/lib/MessagePanel.js b/htdocs/lib/MessagePanel.js
index 4b8e4999..8845be8a 100644
--- a/htdocs/lib/MessagePanel.js
+++ b/htdocs/lib/MessagePanel.js
@@ -458,7 +458,7 @@ HfdlMessagePanel.prototype.pushMessage = function(msg) {
     // Append messsage if present
     if (msg.message) {
         $b.append($(
-            '<tr><td class="message" colspan="4">' + msg.message + '</td></tr>'
+            '<tr><td class="message" colspan="4">' + this.htmlEscape(msg.message) + '</td></tr>'
         ))
     }