Merge pull request from GHSA-vr7g-vqp5-966j

Store XSS on create / edit page
PrestaShop · Apr 15, 2020 · b90005c · b90005c
2 parents 9d1fce4 + 0a70f84
commit b90005c
Showing 1 changed file with 28 additions and 28 deletions.
diff --git a/views/templates/hook/linkblock.tpl b/views/templates/hook/linkblock.tpl
@@ -1,41 +1,41 @@
 {**
- * 2007-2018 PrestaShop.
- *
- * NOTICE OF LICENSE
- *
- * This source file is subject to the Academic Free License (AFL 3.0)
- * that is bundled with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://opensource.org/licenses/afl-3.0.php
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@prestashop.com so we can send you a copy immediately.
- *
- * DISCLAIMER
- *
- * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
- * versions in the future. If you wish to customize PrestaShop for your
- * needs please refer to http://www.prestashop.com for more information.
- *
- * @author    PrestaShop SA <contact@prestashop.com>
- * @copyright 2007-2018 PrestaShop SA
- * @license   http://opensource.org/licenses/afl-3.0.php  Academic Free License (AFL 3.0)
- * International Registered Trademark & Property of PrestaShop SA
- *}
+  * 2007-2018 PrestaShop.
+  *
+  * NOTICE OF LICENSE
+  *
+  * This source file is subject to the Academic Free License (AFL 3.0)
+  * that is bundled with this package in the file LICENSE.txt.
+  * It is also available through the world-wide-web at this URL:
+  * http://opensource.org/licenses/afl-3.0.php
+  * If you did not receive a copy of the license and are unable to
+  * obtain it through the world-wide-web, please send an email
+  * to license@prestashop.com so we can send you a copy immediately.
+  *
+  * DISCLAIMER
+  *
+  * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
+  * versions in the future. If you wish to customize PrestaShop for your
+  * needs please refer to http://www.prestashop.com for more information.
+  *
+  * @author    PrestaShop SA <contact@prestashop.com>
+  * @copyright 2007-2018 PrestaShop SA
+  * @license   http://opensource.org/licenses/afl-3.0.php  Academic Free License (AFL 3.0)
+  * International Registered Trademark & Property of PrestaShop SA
+  *}
 
 {foreach $linkBlocks as $linkBlock}
-  <h3>{$linkBlock.title}</h3>
+  <h3>{$linkBlock.title|escape:'html':'UTF-8'}</h3>
   <ul>
     {foreach $linkBlock.links as $link}
       <li>
         <a
           id="{$link.id}-{$linkBlock.id}"
           class="{$link.class}"
-          href="{$link.url}"
-          title="{$link.description}"
-          {if !empty($link.target)} target="{$link.target}" {/if}
+          href="{$link.url|escape:'html':'UTF-8'}"
+          title="{$link.description|escape:'html':'UTF-8'}"
+          {if !empty($link.target)} target="{$link.target|escape:'html':'UTF-8'}" {/if}
         >
-          {$link.title}
+          {$link.title|escape:'html':'UTF-8'}
         </a>
       </li>
     {/foreach}