sanitize some unescaped HTML from CDP (#202)

Co-authored-by: Thiago Perrotta <tperrotta@chromium.org>

Author: paulirish

pages/domainGenerator.js

@@ -15,6 +15,14 @@ const itemSort = (a, b) => {
   return (a.name || a.id).localeCompare(b.name || b.id);
 };
 
+// This handles a few weird cases of raw HTML or over-escaping in the protocol JSON
+function parseSafeMarkdown(mdText) {
+  // Inline codeblocks to doublecheck: IO.StreamHandle, Preload.PreloadingAttemptSource, Preload.RuleSet > backendNodeId, Accessibility.AXValueSource > nativeSource
+  mdText = mdText.replaceAll('<', '&lt;').replaceAll('>', '&gt;');
+  const html = marked(mdText, {escape: true});
+  return html.replaceAll('&amp;lt;', '&lt;').replaceAll('&amp;gt;', '&gt;');
+}
+
 export class DomainGenerator {
   constructor(version) {
     this.version = version;
@@ -48,7 +56,7 @@ export class DomainGenerator {
     // Some params have an emum: e.g. Debugger.continueToLocation
     return html`
       <div class="details-description">
-        ${description ? marked(description) : ''}
+        ${description ? parseSafeMarkdown(description) : ''}
         ${item ? this.enumDetails(item) : ''}
       </div>
     `;