From bc5d4b565a363d67504bd79c82cfecba63c37d02 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulip.com>
Date: Fri, 19 Jan 2024 17:30:10 -0800
Subject: [PATCH] settings_playgrounds: Fix HTML injection in language
 typeahead.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
---
 web/src/settings_playgrounds.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/web/src/settings_playgrounds.js b/web/src/settings_playgrounds.js
index 6285443e87..167e44bd50 100644
--- a/web/src/settings_playgrounds.js
+++ b/web/src/settings_playgrounds.js
@@ -11,6 +11,7 @@ import * as ListWidget from "./list_widget";
 import {page_params} from "./page_params";
 import * as realm_playground from "./realm_playground";
 import * as scroll_util from "./scroll_util";
+import {render_typeahead_item} from "./typeahead_helper";
 import * as ui_report from "./ui_report";
 
 const meta = {
@@ -158,9 +159,7 @@ function build_page() {
         items: 5,
         fixed: true,
         helpOnEmptyStrings: true,
-        highlighter(item) {
-            return language_labels.get(item);
-        },
+        highlighter: (item) => render_typeahead_item({primary: language_labels.get(item)}),
         matcher(item) {
             const q = this.query.trim().toLowerCase();
             return item.toLowerCase().startsWith(q);