Fixed issue #19019: [security] Stored XSS in description of theme (#3359

)

Co-authored-by: lapiudevgit <devgit@lapiu.biz>

application/models/TemplateConfiguration.php

@@ -545,6 +545,7 @@ public function getDescription()
           // Note: if no twig statement in the description, twig will just render it as usual
         try {
             $sDescription = App()->twigRenderer->convertTwigToHtml($this->template->description);
+            $sDescription = viewHelper::purified($sDescription);
         } catch (\Exception $e) {
           // It should never happen, but let's avoid to anoy final user in production mode :)
             if (YII_DEBUG) {