54413ab8e05496303b70ee4349b4e5ada1802147
max
  Wed Feb 4 03:40:06 2026 -0800
adding XSS security fix to hub error printf, refs #36916

diff --git src/inc/common.h src/inc/common.h
index fa1a2759e71..389f3369c6e 100644
--- src/inc/common.h
+++ src/inc/common.h
@@ -912,31 +912,37 @@
 void toLowerN(char *s, int n);
 /* Convert a section of memory to lower case. */
 
 void toggleCase(char *s, int size);
 /* toggle upper and lower case chars in string. */
 
 char *strUpper(char *s);
 #define touppers(s) (void)strUpper(s)
 /* Convert entire string to upper case. */
 
 char *strLower(char *s);
 #define tolowers(s) (void)strLower(s)
 /* Convert entire string to lower case */
 
 void replaceChar(char *s, char oldc, char newc);
-/* Repace one char with another. Modifies original string. */
+/* Replace one char with another. Modifies original string. */
+
+char *stripHtml(char *s);
+/* replace < and > with [ and ]. Modifies string in-place. Whenever we
+ * print a string that we get from the internet, e.g. through HTTP headers,
+ * in a hub.txt file or via a HTTP GET or POST argument, we need to strip
+ * tags. */
 
 char *replaceChars(char *string, char *oldStr, char *newStr);
 /*
   Replaces the old with the new.
  The old and new string need not be of equal size
  Can take any length string.
  Return value needs to be freeMem'd.
 */
 
 int strSwapStrs(char *string, int sz,char *oldStr, char *newStr);
 /* Swaps all occurrences of the oldStr with the newStr in string. Need not be same size
    Swaps in place but restricted by sz.  Returns count of swaps or -1 for sz failure.*/
 
 char * memSwapChar(char *s, int len, char oldChar, char newChar);
 /* Substitute newChar for oldChar throughout memory of given length.
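Review bot: The comment added for `stripHtml` (after `replaceChar`) presents swapping `<` and `>` for `[` and `]` as the step needed whenever an internet-supplied string is printed, but that only neutralises tags when the string lands in HTML element text. Quotes and `&` are left untouched, so a value printed inside an attribute, a script block or a URL still needs context-specific encoding, and the comment should say so to keep callers from treating this as a general sanitiser. The comment also does not document the return value or what happens when `s` is NULL. I would word it roughly as `/* Replace < and > with [ and ]. Modifies s in place and returns s. Only sufficient when the result is printed as HTML text, not inside attributes, scripts or URLs. */`. The implementation is outside this hunk, so the "returns s" part is inferred from the neighbouring `strUpper`/`strLower` declarations and should be confirmed.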