From c8fb7f924657782165c05b71bd1ce15d5329090c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Sun, 19 Jan 2020 22:03:18 -0500
Subject: [PATCH] fix: escape register query param

---
 public/src/app.js                | 2 +-
 public/src/modules/translator.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/src/app.js b/public/src/app.js
index 82a2a8c478..f8a3a643ef 100644
--- a/public/src/app.js
+++ b/public/src/app.js
@@ -398,7 +398,7 @@ app.cacheBuster = null;
 		}
 		if (registerMessage) {
 			$(document).ready(function () {
-				showAlert('register', decodeURIComponent(registerMessage));
+				showAlert('register', utils.escapeHTML(decodeURIComponent(registerMessage)));
 				registerMessage = false;
 			});
 		}
diff --git a/public/src/modules/translator.js b/public/src/modules/translator.js
index 74d6b867c2..5c7b3366e2 100644
--- a/public/src/modules/translator.js
+++ b/public/src/modules/translator.js
@@ -361,7 +361,7 @@
 
 			var nodes = descendantTextNodes(element);
 			var text = nodes.map(function (node) {
-				return node.nodeValue;
+				return utils.escapeHTML(node.nodeValue);
 			}).join('  ||  ');
 
 			var attrNodes = attributes.reduce(function (prev, attr) {