Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Properly escape site and page titles
  • Loading branch information
zerocrates committed Jul 6, 2021
1 parent 64e93fa commit 4c0f3eb
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions application/src/Site/BlockLayout/PageTitle.php
Expand Up @@ -16,11 +16,11 @@ public function getLabel()
public function form(PhpRenderer $view, SiteRepresentation $site,
SitePageRepresentation $page = null, SitePageBlockRepresentation $block = null
) {
return $page->title();
return $view->escapeHtml($page->title());
}

public function render(PhpRenderer $view, SitePageBlockRepresentation $block)
{
return sprintf('<h2>%s</h2>', $block->page()->title());
return sprintf('<h2>%s</h2>', $view->escapeHtml($block->page()->title()));
}
}
4 changes: 2 additions & 2 deletions application/view/omeka/site-admin/index/show-details.phtml
@@ -1,4 +1,4 @@
<div class='resource-details'>
<h3 class="title"><?php echo $resource->title(); ?></h3>
<h3 class="title"><?php echo $this->escapeHtml($resource->title()); ?></h3>
</div>
<?php $this->trigger('view.details', array('entity' => $resource)); ?>
<?php $this->trigger('view.details', array('entity' => $resource)); ?>
4 changes: 2 additions & 2 deletions application/view/omeka/site-admin/page/show-details.phtml
@@ -1,4 +1,4 @@
<div class='resource-details'>
<h3 class="title"><?php echo $resource->title(); ?></h3>
<h3 class="title"><?php echo $this->escapeHtml($resource->title()); ?></h3>
</div>
<?php $this->trigger('view.details', array('entity' => $resource)); ?>
<?php $this->trigger('view.details', array('entity' => $resource)); ?>

0 comments on commit 4c0f3eb

Please sign in to comment.