diff --git a/src/components/listview/listview.js b/src/components/listview/listview.js
index d6c34172f8..eaa526dbd4 100644
--- a/src/components/listview/listview.js
+++ b/src/components/listview/listview.js
@@ -149,7 +149,7 @@ import ServerConnections from '../ServerConnections';
 elem.classList.add('listItemBodyText');
- elem.innerHTML = '' + text + '';
+ elem.innerHTML = '' + escapeHtml(text) + '';
 html += elem.outerHTML;
 }
diff --git a/src/controllers/itemDetails/index.js b/src/controllers/itemDetails/index.js
index 1de235ffe3..6e238a7045 100644
--- a/src/controllers/itemDetails/index.js
+++ b/src/controllers/itemDetails/index.js
@@ -1068,7 +1068,7 @@ function renderTagline(page, item) {
 if (item.Taglines && item.Taglines.length) {
 taglineElement.classList.remove('hide');
- taglineElement.innerHTML = '' + item.Taglines[0] + '';
+ taglineElement.innerHTML = '' + escapeHtml(item.Taglines[0]) + '';
 } else {
 taglineElement.classList.add('hide');
 }
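Review bot: The added `escapeHtml(text)` on the `elem.innerHTML` line still sends the text line through the HTML parser, so the sink is only as safe as every future edit remembering the escape; since `elem` is already a DOM node that gets serialized with `outerHTML`, assigning the text through `textContent` lets the serializer do the escaping. If the two `''` literals are really empty, `elem.textContent = text;` is enough; if they held wrapper markup that this page dropped, create that wrapper element, set its `textContent` and append it to `elem`. The same applies to the `taglineElement.innerHTML` line in `src/controllers/itemDetails/index.js`. Neither hunk shows an import of `escapeHtml`, so confirm it is in scope in both files, otherwise these lines throw a ReferenceError at render time. The enclosing function starts and ends outside the hunk.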
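Review bot: The `taglineElement.innerHTML` line has no comment saying why the tagline is escaped, and without one a later refactor can drop the call as redundant. I would add `// Taglines are item metadata and must be treated as untrusted text; never assign them unescaped to innerHTML.` directly above it. The hunk also carries no test for this sink; if the project has tests for this controller, one asserting that a tagline containing markup renders as literal text would pin the behaviour. The start of renderTagline's body is outside the hunk.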