Merge pull request #882 from klensy/fix-empty-query

escape query name to prevent rendering it as html

Author: Mark-Simulacrum

site/static/detailed-query.html

@@ -273,7 +273,8 @@ <h3 id="title"></h3>
         function to_object(element) {
             if (!element.length) {
                 element = [
-                    element.label,
+                    // escape html, to prevent rendering queries like <unknown> as tags
+                    escapeHtml(element.label),
                     [ element.self_time.secs, element.self_time.nanos ],
                     element.percent_total_time,
                     element.number_of_cache_misses,

site/static/shared.js

@@ -252,3 +252,13 @@ function make_request(path, body) {
         console.log("error fetching ", path, ": ", err);
     });
 }
+
+// https://stackoverflow.com/questions/6234773
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}