diff --git a/public/recovery.html b/public/recovery.html
index 2a46d8fc..92e3c641 100644
--- a/public/recovery.html
+++ b/public/recovery.html
@@ -42,6 +42,21 @@
elt.className = elt.className.replace(/ hide/, '');
}
+ var entityMap = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ '"': '"',
+ "'": ''',
+ "/": '/'
+ };
+
+ function escapeHtml(string) {
+ return String(string).replace(/[&<>"'\/]/g, function(s) {
+ return entityMap[s];
+ });
+ }
+
function listFiles() {
// List files
var fileListElt = document.querySelector('.file-list');
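Review bot: As rendered here, every value in `entityMap` equals its key (`"&": "&"`, `"<": "<"`) and the `"'"` entry reads `'''`, which is not valid JavaScript. If the committed file really looks like this, `escapeHtml` returns its input unchanged and the script fails to parse. This is probably the page decoding the entities on display, so confirm the file holds the encoded forms, e.g. `"&": "&amp;"`, `"<": "&lt;"`, `'"': "&quot;"`, `"'": "&#39;"`. A comment above the map such as `// HTML-escape for element text and quoted attribute values only; not safe for URLs, script or style contexts` would record the helper's limits. `listFiles` starts in this hunk and continues outside it.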
@@ -56,7 +71,7 @@
' ',
- fileTitle,
+ escapeHtml(fileTitle),
].join('');
fileListElt.appendChild(divElt);
}
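Review bot: `escapeHtml(fileTitle)` is sufficient only if the joined string ends up in an HTML text or quoted-attribute context. The other array elements and the statement that consumes the `join('')` are outside the hunk, so that cannot be confirmed from here. Any other file-derived value concatenated in the same array needs the same escaping. A sturdier form is to build the static markup first and attach the title as a text node, `divElt.appendChild(document.createTextNode(fileTitle));`, so that correctness no longer depends on the escaping table being complete.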