fix: 🐛 Escape '>' character in JavaScript data insertion

PrzemyslawKlys · PrzemyslawKlys · commit f8e8e5006a58 · 2025-09-04T16:51:28.000+02:00
* Updated the data insertion logic to properly escape the '&gt;' character in addition to '&lt;'.
* This change prevents potential issues with JavaScript code execution when HTML tags are included in the data.
diff --git a/Public/New-HTMLTable.ps1 b/Public/New-HTMLTable.ps1
@@ -1325,7 +1325,7 @@
                     # If InvokeHTMLTags is not set, we need to escape HTML characters
                     # By default HTML tags are escaped when using DataStore HTML, but not when using JavaScript
                     # So we need to escape them here, so they don't break the JavaScript code
-                    $DataToInsert = $DataToInsert -replace "<", "&lt;" -replace ">"
+                    $DataToInsert = $DataToInsert -replace "<", "&lt;" -replace ">", "&gt;"
                 }
                 if ($DataToInsert.StartsWith('[')) {
                     $Script:HTMLSchema.CustomFooterJS[$DataStoreID] = "var $DataStoreID = $DataToInsert;"

Original file line number	Diff line number	Diff line change
`@@ -1325,7 +1325,7 @@`
`1325`	`1325`	`# If InvokeHTMLTags is not set, we need to escape HTML characters`
`1326`	`1326`	`# By default HTML tags are escaped when using DataStore HTML, but not when using JavaScript`
`1327`	`1327`	`# So we need to escape them here, so they don't break the JavaScript code`
`1328`		`- $DataToInsert = $DataToInsert -replace "<", "<" -replace ">"`
	`1328`	`+ $DataToInsert = $DataToInsert -replace "<", "<" -replace ">", ">"`
`1329`	`1329`	`}`
`1330`	`1330`	`if ($DataToInsert.StartsWith('[')) {`
`1331`	`1331`	`$Script:HTMLSchema.CustomFooterJS[$DataStoreID] = "var $DataStoreID = $DataToInsert;"`