From 3436317c0831e460179a41d2b560c92995b1a21a Mon Sep 17 00:00:00 2001
From: Linus Groh <mail@linusgroh.de>
Date: Thu, 17 Dec 2020 14:26:46 +0000
Subject: [PATCH] LibWeb: Escape text nodes in innerHTML getter

---
 Libraries/LibWeb/DOM/Element.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibWeb/DOM/Element.cpp b/Libraries/LibWeb/DOM/Element.cpp
index fa8ea02217..8c14451599 100644
--- a/Libraries/LibWeb/DOM/Element.cpp
+++ b/Libraries/LibWeb/DOM/Element.cpp
@@ -316,8 +316,10 @@ String Element::inner_html() const
                 builder.append('>');
             }
             if (child->is_text()) {
-                builder.append(downcast<Text>(*child).data());
+                auto& text = downcast<Text>(*child);
+                builder.append(escape_string(text.data(), false));
             }
+            // FIXME: Also handle Comment, ProcessingInstruction, DocumentType
         }
     };
     recurse(*this);