fixed potential xss in example scripts

dist/example-js.html

@@ -30,8 +30,8 @@
     let encrypted = url.searchParams.get('encrypted') ? atob(url.searchParams.get('encrypted')) : '{"ct":"hQDvpbAKTGp1mXgzSShR9g==","iv":"57fd85773d898d1f9f868c53b436e28f","s":"a2dac436512077c5"}'
     let password = '123456'
     let decrypted = CryptoJSAesJson.decrypt(encrypted, password)
-    results.innerHTML += 'Decrypted (From ' + encrypted + '):<br/>'
-    results.innerHTML += decrypted
+    results.innerHTML += 'Decrypted (From ' + encrypted.replace(/</g, '&lt;').replace(/>/g, '&gt;') + '):<br/>'
+    results.innerHTML += decrypted.replace(/</g, '&lt;').replace(/>/g, '&gt;')
   })()
 </script>
 </body>

dist/example-php.php

@@ -8,12 +8,12 @@
 $originalValue = ["Coming from PHP - We do encrypt an array", "123", ['nested']]; // this could be any value
 $password = "123456";
 $encrypted = CryptoJsAes::encrypt($originalValue, $password);
-echo "Encrypted:<br/><a href='example-js.html?encrypted=" . base64_encode($encrypted) . "' title='Pass to JS testpage' target='_blank'>" . $encrypted . "</a><br/><br/>\n";
+echo "Encrypted:<br/><a href='example-js.html?encrypted=" . base64_encode($encrypted) . "' title='Pass to JS testpage' target='_blank'>" . htmlentities($encrypted) . "</a><br/><br/>\n";
 // something like: {"ct":"g9uYq0DJypTfiyQAspfUCkf+\/tpoW4DrZrpw0Tngrv10r+\/yeJMeseBwDtJ5gTnx","iv":"c8fdc314b9d9acad7bea9a865671ea51","s":"7e61a4cd341279af"}
 
 // decrypt
 $encrypted = isset($_GET['encrypted']) ? base64_decode($_GET['encrypted']) : $encrypted;
 $password = "123456";
 $decrypted = CryptoJsAes::decrypt($encrypted, $password);
 
-echo "Decrypted (From $encrypted):<br/>" . print_r($decrypted, true);
+echo "Decrypted (From " . htmlentities($encrypted) . "):<br/>" . htmlentities(print_r($decrypted, true));