From cbeadbd18e843f939d5e70216d141a283836e938 Mon Sep 17 00:00:00 2001
From: BroodjeAap <david@broodjeaap.net>
Date: Sun, 2 Oct 2022 15:21:05 +0000
Subject: [PATCH] escape html in filter log message

---
 models.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/models.go b/models.go
index ffccdf2..9dc38d7 100644
--- a/models.go
+++ b/models.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"html"
 	"time"
 )
 
@@ -28,11 +29,11 @@ type Filter struct {
 }
 
 func (filter *Filter) logf(format string, v ...any) {
-	filter.Logs = append(filter.Logs, fmt.Sprintf(format, v...))
+	filter.Logs = append(filter.Logs, html.EscapeString(fmt.Sprintf(format, v...)))
 }
 
 func (filter *Filter) log(v ...any) {
-	filter.Logs = append(filter.Logs, fmt.Sprint(v...))
+	filter.Logs = append(filter.Logs, html.EscapeString(fmt.Sprint(v...)))
 }
 
 type FilterConnection struct {