Bug Report: showDupes() not HTML-escaping field content

Clicking on Show Duplicates results in this browser search showing nothing.

The issue is that the field content is not HTML-escaped.
Searching for <&> shows the duplicate notes:

This can be fixed by changing this line in editor.py:

- contents = stripHTMLMedia(self.note.fields[0])
+ contents = html.escape(stripHTMLMedia(self.note.fields[0]))
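Review bot: On the + line, html.escape() is called with its default quote=True, so besides &, < and > it also rewrites " to &quot; and ' to &#x27;. If the stored field text keeps quote characters literal, a first field containing a quote would still produce a duplicate search that matches nothing. Consider html.escape(stripHTMLMedia(self.note.fields[0]), quote=False), and test with a field containing quotes as well as one containing <&>. Also confirm that editor.py imports html, since the hunk does not show an import line.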

Thanks, will make this change.