From 47071ca00785e254fce03f77ad14bf3069c780c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20A=CC=8Ahle=CC=81n?=
Date: Fri, 21 Jul 2023 15:59:06 +0200
Subject: [PATCH] [editor] Sanitize contents when copying results to the clipboard

---
 desktop/core/src/desktop/js/utils/html/html2text.ts | 5 ++++-
 .../src/desktop/templates/common_notebook_ko_components.mako | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/desktop/core/src/desktop/js/utils/html/html2text.ts b/desktop/core/src/desktop/js/utils/html/html2text.ts
index da46eb1efbe..29b004c1fb4 100644
--- a/desktop/core/src/desktop/js/utils/html/html2text.ts
+++ b/desktop/core/src/desktop/js/utils/html/html2text.ts
@@ -14,9 +14,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+import deXSS from './deXSS';
+
 const html2text = (value: string): string => {
 const element = document.createElement('div');
- element.innerHTML = value;
+ const clean = deXSS(value);
+ element.innerHTML = clean;
 return element.innerText.replace(/\u00A0/g, ' ');
 };

diff --git a/desktop/core/src/desktop/templates/common_notebook_ko_components.mako b/desktop/core/src/desktop/templates/common_notebook_ko_components.mako
index 6410a44ebb4..9e1931f3cbb 100644
--- a/desktop/core/src/desktop/templates/common_notebook_ko_components.mako
+++ b/desktop/core/src/desktop/templates/common_notebook_ko_components.mako
@@ -414,7 +414,7 @@ else:
 }
 result += '';
 });
- $('.clipboard-content').html(result);
+ $('.clipboard-content').html(hueUtils.deXSS(result));
 } else {
 $('.clipboard-content').html(window.I18n('Error while copying results.'));
 }
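Review bot: In `html2text`, the `element.innerHTML = clean` assignment still parses markup in the live document, so the function is only as safe as the allow-list inside `deXSS`, which this diff does not show. Since only the text is needed, parsing into an inert document would remove that dependency: `const doc = new DOMParser().parseFromString(value, 'text/html');` then `return (doc.body.textContent ?? '').replace(/\u00A0/g, ' ');` (this should match `innerText` for an unrendered element, but confirm). If the `innerHTML` route stays, a comment such as `// Sanitize first: innerHTML parsing can load resources and fire handlers even on a detached element` would record why the call is there. The sanitizer may also drop text along with the tags it removes, so a test pinning the output for plain, tagged and entity-encoded input would be worth adding.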
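Review bot: Sanitizing the fully concatenated `result` at the `.html()` call treats the cell values as markup rather than data, so a value containing tags that `deXSS` allows can still alter the structure of the copied table. The loop that builds `result` is outside this hunk, but if values are appended there unencoded, HTML-encoding each value at the point of concatenation would be the primary control, with `hueUtils.deXSS(result)` kept as a backstop. It is also worth confirming that the sanitizer's allow-list keeps the table elements the clipboard content relies on, since stripping them would silently change what users paste. A short comment above the call, e.g. `// result embeds query output; sanitize before inserting as HTML`, would make the intent clear.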