Skip to content
Permalink
Browse files
sanitize context menu in admin category list
  • Loading branch information
Guite committed Sep 18, 2021
1 parent 1adc96e commit bea7497f8435b8980d99ec6d49d9e86c206afe29
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/system/CategoriesModule/Controller/CategoryController.php
@@ -98,7 +98,7 @@ private function getNodeOptions(Request $request): array
}
$class = !empty($classes) ? ' class="' . implode(' ', $classes) . '"' : '';

return '<a' . $class . $title . ' href="#">' . $displayName . '</a>';
return '<a' . $class . $title . ' href="#">' . htmlspecialchars($displayName) . '</a>';
}
];
}
@@ -115,6 +115,6 @@ private function createTitleAttribute(array $node, string $displayName, string $
$title[] = $this->trans('Leaf') . ': ' . ($node['leaf'] ? 'Yes' : 'No');
$title[] = $this->trans('Locked') . ': ' . ($node['locked'] ? 'Yes' : 'No');

return implode('<br />', $title);
return htmlspecialchars(implode('<br />', $title));
}
}

0 comments on commit bea7497

Please sign in to comment.