From 2a4354c52e9378ce9851a9d1c99dee734b2ca49b Mon Sep 17 00:00:00 2001
From: "DESKTOP-GENO133\\IvanPlex" <ivancheahkf@gmail.com>
Date: Tue, 13 Feb 2024 17:45:41 -0700
Subject: [PATCH] Encode HTML Inputs.

---
 wwwroot/js/garage.js | 8 ++++----
 wwwroot/js/shared.js | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/wwwroot/js/garage.js b/wwwroot/js/garage.js
index 4c6cb84..a53e614 100644
--- a/wwwroot/js/garage.js
+++ b/wwwroot/js/garage.js
@@ -68,13 +68,13 @@ function generateReminderItem(urgency, description) {
     }
     switch (urgency) {
         case "VeryUrgent":
-            return `<p class="badge text-wrap bg-danger">${description}</p>`;
+            return `<p class="badge text-wrap bg-danger">${encodeHTMLInput(description)}</p>`;
         case "PastDue":
-            return `<p class="badge text-wrap bg-secondary">${description}</p>`;
+            return `<p class="badge text-wrap bg-secondary">${encodeHTMLInput(description) }</p>`;
         case "Urgent":
-            return `<p class="badge text-wrap bg-warning">${description}</p>`;
+            return `<p class="badge text-wrap bg-warning">${encodeHTMLInput(description) }</p>`;
         case "NotUrgent":
-            return `<p class="badge text-wrap bg-success">${description}</p>`;
+            return `<p class="badge text-wrap bg-success">${encodeHTMLInput(description) }</p>`;
     }
 }
 function initCalendar() {
diff --git a/wwwroot/js/shared.js b/wwwroot/js/shared.js
index d4c0eb8..3cd096d 100644
--- a/wwwroot/js/shared.js
+++ b/wwwroot/js/shared.js
@@ -160,6 +160,11 @@ function bindWindowResize() {
         hideMobileNav();
     });
 }
+function encodeHTMLInput(input) {
+    const encoded = document.createElement('div');
+    encoded.innerText = input;
+    return encoded.innerHTML;
+}
 function decodeHTMLEntities(text) {
     return $("<textarea/>")
         .html(text)