Fixing MM-36062 extra detail

webapp/src/utils.test.ts

@@ -29,7 +29,7 @@ describe('utils', () => {
         test('should not allow XSS on links href on the desktop app', () => {
             const windowAsAny = window as any
             windowAsAny.openInNewBrowser = () => null
-            const expectedHtml = '<p><a target="_blank" rel="noreferrer" href="%22xss-attack=%22true%22other=%22whatever" title="" onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(\'%22xss-attack=%22true%22other=%22whatever\');"></a></p>'
+            const expectedHtml = '<p><a target="_blank" rel="noreferrer" href="%22xss-attack=%22true%22other=%22whatever" title="" onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(&quot;%22xss-attack=%22true%22other=%22whatever&quot;);"></a></p>'
             expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe(expectedHtml)
             windowAsAny.openInNewBrowser = null
         })

webapp/src/utils.ts

@@ -113,7 +113,7 @@ class Utils {
         // HACKHACK: Somehow, marked doesn't encode angle brackets
         const renderer = new marked.Renderer()
         if ((window as any).openInNewBrowser) {
-            renderer.link = (href, title, contents) => `<a target="_blank" rel="noreferrer" href="${encodeURI(href || '')}" title="${title ? encodeURI(title) : ''}" onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser('${encodeURI(href || '')}');">${contents}</a>`
+            renderer.link = (href, title, contents) => `<a target="_blank" rel="noreferrer" href="${encodeURI(href || '')}" title="${title ? encodeURI(title) : ''}" onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(&quot;${encodeURI(href || '')}&quot;);">${contents}</a>`
         }
         const html = marked(text.replace(/</g, '&lt;'), {renderer, breaks: true})
         return html.trim()