From 0c83a706e646c0248aac5d238f59e68e80afa34e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 13 Sep 2018 11:43:12 +0200
Subject: [PATCH] api-viewer: correctly escape html when displaying return
 types.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
---
 api-viewer/PVEAPI.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api-viewer/PVEAPI.js b/api-viewer/PVEAPI.js
index 835322f..1c34ef2 100644
--- a/api-viewer/PVEAPI.js
+++ b/api-viewer/PVEAPI.js
@@ -198,12 +198,12 @@ Ext.onReady(function() {
 
 		    var returnhtml;
 		    if (retinf.items) {
-			returnhtml = '<pre>items: ' + JSON.stringify(retinf.items, null, 4) + '</pre>';
+			returnhtml = '<pre>items: ' + Ext.htmlEncode(JSON.stringify(retinf.items, null, 4)) + '</pre>';
 		    }
 
 		    if (retinf.properties) {
 			returnhtml = returnhtml || '';
-			returnhtml += '<pre>properties:' + JSON.stringify(retinf.properties, null, 4);
+			returnhtml += '<pre>properties:' + Ext.htmlEncode(JSON.stringify(retinf.properties, null, 4));
 		    }
 
 		    sections.push({
-- 
2.39.2