fix(client): unescaped HTML in bookmarked notes & folders

src/public/app/widgets/buttons/bookmark_folder.js

@@ -1,5 +1,6 @@
 import RightDropdownButtonWidget from "./right_dropdown_button.js";
 import linkService from "../../services/link.js";
+import utils from "../../services/utils.js";
 
 const DROPDOWN_TPL = `
 <div class="bookmark-folder-widget">
@@ -11,40 +12,40 @@ const DROPDOWN_TPL = `
             font-size: 1.2rem;
             overflow: auto;
         }
-        
+
         .bookmark-folder-widget ul {
             padding: 0;
             list-style-type: none;
         }
-        
+
         .bookmark-folder-widget .note-link {
             display: block;
             padding: 5px 10px 5px 5px;
         }
-        
+
         .bookmark-folder-widget .note-link:hover {
             background-color: var(--accented-background-color);
             text-decoration: none;
         }
-        
+
         .dropdown-menu .bookmark-folder-widget a:hover {
             text-decoration: none;
             background: transparent !important;
         }
-        
+
         .bookmark-folder-widget li .note-link {
             padding-left: 35px;
         }
     </style>
-    
+
     <div class="parent-note"></div>
-    
+
     <ul class="children-notes"></ul>
 </div>`;
 
 export default class BookmarkFolderWidget extends RightDropdownButtonWidget {
     constructor(note) {
-        super(note.title, note.getIcon(), DROPDOWN_TPL);
+        super(utils.escapeHtml(note.title), note.getIcon(), DROPDOWN_TPL);
 
         this.note = note;
     }

src/public/app/widgets/buttons/open_note_button_widget.js

@@ -9,7 +9,7 @@ export default class OpenNoteButtonWidget extends OnClickButtonWidget {
 
         this.noteToOpen = noteToOpen;
 
-        this.title(() => this.noteToOpen.title)
+        this.title(() => utils.escapeHtml(this.noteToOpen.title))
             .icon(() => this.noteToOpen.getIcon())
             .onClick((widget, evt) => this.launch(evt))
             .onAuxClick((widget, evt) => this.launch(evt))