From e35ef8f39ba8b47bc23a339e35adfcbda67be2bc Mon Sep 17 00:00:00 2001
From: j433866 <j433866@gmail.com>
Date: Fri, 14 Jun 2019 14:31:38 +0100
Subject: [PATCH] Escape HTML for error messages being sent to alert

---
 src/web/App.mjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/web/App.mjs b/src/web/App.mjs
index ac97de4c..8019d483 100755
--- a/src/web/App.mjs
+++ b/src/web/App.mjs
@@ -108,7 +108,7 @@ class App {
     handleError(err, logToConsole) {
         if (logToConsole) log.error(err);
         const msg = err.displayStr || err.toString();
-        this.alert(msg, this.options.errorTimeout, !this.options.showErrors);
+        this.alert(Utils.escapeHtml(msg), this.options.errorTimeout, !this.options.showErrors);
     }