Merge remote-tracking branch 'refs/remotes/upstream/master'

Conflicts:
	build/prod/cyberchef.htm
	build/prod/index.html
	build/prod/scripts.js
	src/static/stats.txt

src/js/core/Utils.js

@@ -875,7 +875,10 @@ var Utils = {
      * Utils.escape_html("A <script> tag");
      */
     escape_html: function(str) {
-        return str.replace(/</g, "&lt;");
+        return str.replace(/</g, "&lt;")
+                  .replace(/'/g, "&apos;")
+                  .replace(/"/g, '&quot;')
+                  .replace(/&/g, "&amp;");
     },
 
 

src/js/operations/Base64.js

@@ -215,21 +215,21 @@ var Base64 = {
         if (len0 % 4 == 2) {
             static_section = offset0.slice(0, -3);
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64(static_section, alphabet).slice(0, -2) + "'>" +
+                Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -2)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset0.substr(offset0.length - 3, 1) + "</span>" +
                 "<span class='hlred'>" + offset0.substr(offset0.length - 2) + "</span>";
         } else if (len0 % 4 == 3) {
             static_section = offset0.slice(0, -2);
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64(static_section, alphabet).slice(0, -1) + "'>" +
+                Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -1)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset0.substr(offset0.length - 2, 1) + "</span>" +
                 "<span class='hlred'>" + offset0.substr(offset0.length - 1) + "</span>";
         } else {
             static_section = offset0;
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64(static_section, alphabet) + "'>" +
+                Utils.escape_html(Utils.from_base64(static_section, alphabet)) + "'>" +
                 static_section + "</span>";
         }
         
@@ -245,21 +245,21 @@ var Base64 = {
         if (len1 % 4 == 2) {
             static_section = offset1.slice(0, -3);
             offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AA" + static_section, alphabet).slice(1, -2) + "'>" +
+                Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -2)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset1.substr(offset1.length - 3, 1) + "</span>" +
                 "<span class='hlred'>" + offset1.substr(offset1.length - 2) + "</span>";
         } else if (len1 % 4 == 3) {
             static_section = offset1.slice(0, -2);
              offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AA" + static_section, alphabet).slice(1, -1) + "'>" +
+                Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -1)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset1.substr(offset1.length - 2, 1) + "</span>" +
                 "<span class='hlred'>" + offset1.substr(offset1.length - 1) + "</span>";
         } else {
             static_section = offset1;
             offset1 = padding +  "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AA" + static_section, alphabet).slice(1) + "'>" +
+                Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1)) + "'>" +
                 static_section + "</span>";
         }
         
@@ -274,21 +274,21 @@ var Base64 = {
         if (len2 % 4 == 2) {
             static_section = offset2.slice(0, -3);
             offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" +
+                Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset2.substr(offset2.length - 3, 1) + "</span>" +
                 "<span class='hlred'>" + offset2.substr(offset2.length - 2) + "</span>";
         } else if (len2 % 4 == 3) {
             static_section = offset2.slice(0, -2);
             offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" +
+                Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
                 static_section + "</span>" +
                 "<span class='hlgreen'>" + offset2.substr(offset2.length - 2, 1) + "</span>" +
                 "<span class='hlred'>" + offset2.substr(offset2.length - 1) + "</span>";
         } else {
             static_section = offset2;
             offset2 = padding +  "<span data-toggle='tooltip' data-placement='top' title='" + 
-                Utils.from_base64("AAA" + static_section, alphabet).slice(2) + "'>" +
+                Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2)) + "'>" +
                 static_section + "</span>";
         }
         

src/static/stats.txt

@@ -1,18 +1,32 @@
 203	source files
+<<<<<<< HEAD
 104345	lines
 	size
 
 136	JavaScript source files
 95255	lines
 3.5M	size
+=======
+104221	lines
+4.0M	size
+
+136	JavaScript source files
+95131	lines
+3.4M	size
+>>>>>>> master
 
 78	third party JavaScript source files
 76377	lines
 2.8M	size
 
 58	first party JavaScript source files
+<<<<<<< HEAD
 18878	lines
 740K	size
+=======
+18754	lines
+724K	size
+>>>>>>> master
 
 3.2M	uncompressed JavaScript size
 1.7M	compressed JavaScript size