Fixed an XSS vulnerability

CHANGELOG.md

@@ -18,7 +18,7 @@
 - Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. ([#12973](https://github.com/craftcms/cms/issues/12973))
 - Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the `upscale` property.
 - Fixed a bug where nested folders in asset search results weren’t showing their relative path.
-- Fixed an XSS vulnerability.
+- Fixed XSS vulnerabilities.
 
 ## 4.4.5 - 2023-03-21
 

src/templates/_components/widgets/CraftSupport/body.twig

@@ -78,11 +78,11 @@
                     {% endset %}
                     {{ links.externalLink({
                         link: 'https://craftcms.com/docs/4.x/',
-                        text: documentationLinkHtml
+                        html: documentationLinkHtml
                     }) }}
                     {{ links.externalLink({
                         link: 'https://craftcms.com/knowledge-base',
-                        text: knowledgeBaseLinkHtml
+                        html: knowledgeBaseLinkHtml
                     }) }}
                 </div>
             </form>

src/templates/_includes/links.twig

@@ -11,7 +11,7 @@
         href: config.link,
         target: '_blank',
         rel: 'noopener',
-        html: config.text ~ _self.externalLinkIcon()
+        html: (config.html ?? config.text|e) ~ _self.externalLinkIcon()
     } %}
     {{ tag('a', linkAttributes) }}
-{% endmacro %}
+{% endmacro %}