From 99b3d29e69c905996c6c26296a89650b7ee1755b Mon Sep 17 00:00:00 2001
From: Dannon <dannon.baker@gmail.com>
Date: Fri, 20 Sep 2024 07:13:11 +0200
Subject: [PATCH] Change mechanism for loading data into editor viz

avoiding injecting it as innerHTML and executing contents.
---
 config/plugins/visualizations/editor/templates/editor.mako | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/plugins/visualizations/editor/templates/editor.mako b/config/plugins/visualizations/editor/templates/editor.mako
index 385edbba6205..1046842c3417 100755
--- a/config/plugins/visualizations/editor/templates/editor.mako
+++ b/config/plugins/visualizations/editor/templates/editor.mako
@@ -62,11 +62,11 @@
 
     const ajax_url = "${h.url_for( controller='/datasets', action='index')}/" + hda_id + "/display";
     const data = httpGet(ajax_url);
-    document.getElementById("editor").innerHTML = data;
     var editor = ace.edit("editor", {
         mode: "ace/mode/powershell",
         theme: "ace/theme/textmate"
     });
+    editor.setValue(data, -1);
 </script>
 </body>
 </html>