From e37ce9b99caf643bbb2c755822180113badc8681 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Mangeonjean?=
Date: Thu, 15 Sep 2022 10:28:11 +0200
Subject: [PATCH] fix: prevent XSS in tooltip label
---
 src/ts/RemoteCursorWidget.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ts/RemoteCursorWidget.ts b/src/ts/RemoteCursorWidget.ts
index 3f99381..8ad38d8 100644
--- a/src/ts/RemoteCursorWidget.ts
+++ b/src/ts/RemoteCursorWidget.ts
@@ -75,7 +75,7 @@ export class RemoteCursorWidget implements editor.IContentWidget, IDisposable {
 this._tooltipNode = document.createElement("div");
 this._tooltipNode.className = classNames('monaco-remote-cursor-tooltip', tooltipClassName)
 this._tooltipNode.style.background = color;
- this._tooltipNode.innerHTML = label;
+ this._tooltipNode.innerText = label;
 this._domNode.appendChild(this._tooltipNode);
 
 // we only need to listen to scroll positions to update the
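Review bot: The `+` line assigns `label` through `innerText`, which does stop it being parsed as markup, but `textContent` is the more predictable sink here: `this._tooltipNode.textContent = label;`. `innerText` is layout-aware, so setting it turns line breaks in `label` into `<br>` elements, and some non-browser DOM implementations used for unit tests (jsdom has historically been one) do not implement it, which would leave the tooltip empty there. The context line `this._tooltipNode.style.background = color;` is a second place where a caller-supplied value reaches the DOM; if `color` can originate from a remote collaborator, it is worth validating against an expected colour format, because a `url(...)` value would make each viewer's browser fetch an external resource. The enclosing method starts and ends outside the hunk, so any other use of `label` or `color` is not visible here and should be checked separately.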