From 2507604c68d042bf7a148317585a45a48e787aad Mon Sep 17 00:00:00 2001
From: Alec Smecher <alec@smecher.bc.ca>
Date: Tue, 12 Oct 2021 17:26:54 -0700
Subject: [PATCH] pkp/pkp-lib#7378 Fix reflected XSS issues

---
 .../controllers/grid/settings/sections/form/sectionForm.tpl     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/controllers/grid/settings/sections/form/sectionForm.tpl b/templates/controllers/grid/settings/sections/form/sectionForm.tpl
index 50378eca574..3df7da23f4f 100644
--- a/templates/controllers/grid/settings/sections/form/sectionForm.tpl
+++ b/templates/controllers/grid/settings/sections/form/sectionForm.tpl
@@ -65,7 +65,7 @@
 	{fbvFormSection list=true title="user.role.subEditors"}
 		{if count($subeditors)}
 			{foreach from=$subeditors item="subeditor" key="id"}
-				{fbvElement type="checkbox" id="subEditors[]" value=$id checked=in_array($id, $assignedSubeditors) label=$subeditor translate=false}
+				{fbvElement type="checkbox" id="subEditors[]" value=$id checked=in_array($id, $assignedSubeditors) label=$subeditor|escape translate=false}
 			{/foreach}
 		{else}
 			<span class="pkp_form_error"><p>{translate key="manager.section.noSectionEditors"}</p></span>