From faca02d2574184e6d2e074405b0e389236dd6d8c Mon Sep 17 00:00:00 2001
From: Mark Haslinghuis <mark@numloq.nl>
Date: Sun, 15 Jun 2025 23:53:39 +0200
Subject: [PATCH] Prevent XSS attack

---
 src/js/msp/msp_debug_dashboard.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/js/msp/msp_debug_dashboard.js b/src/js/msp/msp_debug_dashboard.js
index 1cee34ba..deec1ddb 100644
--- a/src/js/msp/msp_debug_dashboard.js
+++ b/src/js/msp/msp_debug_dashboard.js
@@ -794,7 +794,10 @@ export class MSPDebugDashboard {
         };
 
         container.innerHTML = activeAlerts
-            .map(([alertType, _]) => `<div class="alert-item">${alertMessages[alertType] || alertType}</div>`)
+            .map(
+                ([alertType, _]) =>
+                    `<div class="alert-item">${alertMessages[alertType] || this.escapeHtml(alertType)}</div>`,
+            )
             .join("");
     }