From ceffa3a1080a41fc522c853024e4dee56be26084 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Mon, 30 Aug 2021 17:06:11 +0200
Subject: [PATCH] Removed xss on shelf add/remove action

---
 cps/static/js/details.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cps/static/js/details.js b/cps/static/js/details.js
index 81c1a395..951e404a 100644
--- a/cps/static/js/details.js
+++ b/cps/static/js/details.js
@@ -69,7 +69,7 @@ $("#archived_cb").on("change", function() {
                             templates.remove({
                                 add: this.href,
                                 remove: $this.data("remove-href"),
-                                content: this.textContent
+                                content: $("<div>").text(this.textContent).html()
                             })
                         );
                         break;
@@ -78,7 +78,7 @@ $("#archived_cb").on("change", function() {
                             templates.add({
                                 add: $this.data("add-href"),
                                 remove: this.href,
-                                content: this.textContent
+                                content: $("<div>").text(this.textContent).html(),
                             })
                         );
                         break;