5.2.1

BUGFIX #119 : Recipe names are now correctly escaped.
2026-02-24 02:31:45 +01:00 · 2017-04-24 11:54:05 +00:00 · 2017-04-24 11:53:55 +00:00
2 changed files with 4 additions and 3 deletions
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "cyberchef",
-  "version": "5.2.0",
+  "version": "5.2.1",
  "description": "CyberChef is a simple, intuitive web app for analysing and decoding data within a web browser.",
  "author": "n1474335 <n1474335@gmail.com>",
  "homepage": "https://gchq.github.io/CyberChef",
--- a/src/web/ControlsWaiter.js
+++ b/src/web/ControlsWaiter.js
@@ -244,7 +244,7 @@ ControlsWaiter.prototype.loadClick = function() {
 * Saves the recipe specified in the save textarea to local storage.
 */
 ControlsWaiter.prototype.saveButtonClick = function() {
-    var recipeName = document.getElementById("save-name").value,
+    var recipeName = Utils.escapeHtml(document.getElementById("save-name").value),
        recipeStr  = document.getElementById("save-text").value;

    if (!recipeName) {
@@ -288,7 +288,8 @@ ControlsWaiter.prototype.populateLoadRecipesList = function() {
    for (i = 0; i < savedRecipes.length; i++) {
        var opt = document.createElement("option");
        opt.value = savedRecipes[i].id;
-        opt.innerHTML = savedRecipes[i].name;
+        // Unescape then re-escape in case localStorage has been corrupted
+        opt.innerHTML = Utils.escapeHtml(Utils.unescapeHtml(savedRecipes[i].name));

        loadNameEl.appendChild(opt);
    }
Author	SHA1	Message	Date
n1474335	7e7da26f29	5.2.1	2017-04-24 11:54:05 +00:00
n1474335	4375a151dd	BUGFIX #119 : Recipe names are now correctly escaped.	2017-04-24 11:53:55 +00:00