From bc372a820c3a500b120548d73c3a13e70088eb36 Mon Sep 17 00:00:00 2001
From: Gabriel Jenik <gabriel.jenik@gmail.com>
Date: Thu, 25 Mar 2021 10:42:56 -0300
Subject: [PATCH] Fixed issue #16904: Check attributes are escaped properly
 (#1803)

---
 application/views/questionAdministration/answerOptionRow.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/views/questionAdministration/answerOptionRow.twig b/application/views/questionAdministration/answerOptionRow.twig
index 620f2938c64..1a8b97a5d9a 100644
--- a/application/views/questionAdministration/answerOptionRow.twig
+++ b/application/views/questionAdministration/answerOptionRow.twig
@@ -115,7 +115,7 @@
                 id='answeroptions[{{ answerOption.aid }}][{{ scale_id }}][answeroptionl10n][{{ language }}]'
                 name='answeroptions[{{ answerOption.aid }}][{{ scale_id }}][answeroptionl10n][{{ language }}]'
                 placeholder='{{ gT("Some example answer option") }}'
-                value="{{ answerOptionl10n.answer }}"
+                value="{{ answerOptionl10n.answer|escape('html_attr') }}"
             />
             <span class="input-group-addon">
                 {{ getEditor(