Merge pull request #1549 from brun0ne/fix-xss

Fixed xss in addOperation

src/web/waiters/RecipeWaiter.mjs

@@ -396,7 +396,11 @@ class RecipeWaiter {
         const item = document.createElement("li");
 
         item.classList.add("operation");
-        item.innerHTML = name;
+
+        if (this.app.operations[name] != null) {
+            item.innerHTML = name;
+        }
+
         this.buildRecipeOperation(item);
         document.getElementById("rec-list").appendChild(item);