Fixed issue [security] #15452: (self) reflecting XSS in print answer …

…view : Array/text Dev: escape value
LimeSurvey · Jun 18, 2020 · 0d2e1df · 0d2e1df
1 parent b8f2693
commit 0d2e1df
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/...y/vanilla/views/subviews/printanswers/question_types/template_array-multi-flexi-text.twig b/...y/vanilla/views/subviews/printanswers/question_types/template_array-multi-flexi-text.twig
@@ -8,7 +8,7 @@
                 <th></th>
                 {% for colname, value in subquestion.answervalueslabels %}
                     <th class="text-center"><b>{{value}} - {{colname}}</b></th>
-                {% endfor %}                    
+                {% endfor %}
             </tr>
         {% endif %}
 
@@ -18,8 +18,8 @@
             </td>
             {% for colname, value in subquestion.answervalues %}
                 <td>
-                    {{value}}
-                </td>    
+                    {{value|escape}}
+                </td>
             {% endfor %}
         </tr>
     {% endfor %}