From cb97072ae2d899a24a1069b0629ff31ea9c9ed93 Mon Sep 17 00:00:00 2001
From: Alan Ren <alanren@microsoft.com>
Date: Mon, 21 Sep 2020 22:41:00 -0700
Subject: [PATCH] escape the value for display (#12547)

---
 src/sql/base/browser/ui/table/plugins/textWithIconColumn.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/sql/base/browser/ui/table/plugins/textWithIconColumn.ts b/src/sql/base/browser/ui/table/plugins/textWithIconColumn.ts
index f4cd02dbb6..80c79d1e9c 100644
--- a/src/sql/base/browser/ui/table/plugins/textWithIconColumn.ts
+++ b/src/sql/base/browser/ui/table/plugins/textWithIconColumn.ts
@@ -3,6 +3,8 @@
  *  Licensed under the Source EULA. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
+import { escape } from 'sql/base/common/strings';
+
 /**
  * Definition for column with icon on the left of text.
  */
@@ -37,7 +39,7 @@ export class TextWithIconColumn<T extends Slick.SlickData> {
 	}
 	private formatter(row: number, cell: number, value: any, columnDef: Slick.Column<T>, dataContext: T): string {
 		const iconColumn = columnDef as TextWithIconColumnDefinition<T>;
-		return `<div class="icon codicon slick-icon-cell-content ${iconColumn.iconCssClassField ? dataContext[iconColumn.iconCssClassField] : ''}">${value}</div>`;
+		return `<div class="icon codicon slick-icon-cell-content ${iconColumn.iconCssClassField ? dataContext[iconColumn.iconCssClassField] : ''}">${escape(value)}</div>`;
 	}
 
 	public get definition(): TextWithIconColumnDefinition<T> {