From c1f187693adc4fcac932d5296fcd8412db6f9ab5 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@hpi.de>
Date: Wed, 3 Feb 2021 17:00:50 +0100
Subject: [PATCH] Escape HTML from test results

---
 app/assets/javascripts/editor/editor.js.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/editor/editor.js.erb b/app/assets/javascripts/editor/editor.js.erb
index 28095b2e..9468bd85 100644
--- a/app/assets/javascripts/editor/editor.js.erb
+++ b/app/assets/javascripts/editor/editor.js.erb
@@ -508,7 +508,7 @@ var CodeOceanEditor = {
                         const context = `${check_run.file_name}: ${check_run.line}${scope}`;
                         const line_link = `<a href='#' data-file='${check_run.file_name}' data-line='${check_run.line}'>${context}</a>`;
                         const message = `${check_run.name}: ${check_run.result} (${line_link})`;
-                        const sub_text = $.parseHTML(message);
+                        const sub_text = document.createTextNode(message);
                         $(sub_li).append(sub_text).on("click", "a", this.jumpToSourceLine.bind(this));
                         sub_ul.append(sub_li);
                     }
@@ -519,7 +519,7 @@ var CodeOceanEditor = {
             } else {
               errorMessagesToShow.forEach(function (item) {
                   var li = document.createElement("li");
-                  var text = $.parseHTML(item);
+                  var text = document.createTextNode(item);
                   $(li).append(text);
                   ul.append(li);
               })