From 981730f1a3d59b423ca903b1f4bf79b848a1766e Mon Sep 17 00:00:00 2001
From: Jelmer Prins
Date: Wed, 23 Mar 2022 14:20:39 +0100
Subject: [PATCH] Fix xss though the description in the info.xml file of a theme or module
---
 src/Backend/Modules/Extensions/Engine/Model.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Backend/Modules/Extensions/Engine/Model.php b/src/Backend/Modules/Extensions/Engine/Model.php
index 4e09814e26..3d81361271 100644
--- a/src/Backend/Modules/Extensions/Engine/Model.php
+++ b/src/Backend/Modules/Extensions/Engine/Model.php
@@ -839,7 +839,7 @@ public static function processModuleXml(\SimpleXMLElement $xml): array
 $information['name'] = (string) $module->name;
 $information['version'] = (string) $module->version;
 $information['requirements'] = (array) $module->requirements;
- $information['description'] = (string) $module->description;
+ $information['description'] = strip_tags((string) $module->description, '

  • ');
 $information['cronjobs'] = [];
 // authors
@@ -900,7 +900,7 @@ public static function processThemeXml(\SimpleXMLElement $xml): array
 $information['version'] = (string) $theme->version;
 $information['requirements'] = (array) $theme->requirements;
 $information['thumbnail'] = (string) $theme->thumbnail;
- $information['description'] = (string) $theme->description;
+ $information['description'] = strip_tags((string) $theme->description, '

  • ');
 // authors
 foreach ($xml->xpath('/theme/authors/author') as $author) {
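Review bot: `strip_tags()` with an allow-list removes only the tags that are not listed and leaves every attribute on the allowed tags untouched, so the new `description` assignment in `processThemeXml` (and the identical one in `processModuleXml` in the first hunk) can still pass event-handler or `style` attributes from info.xml through to the backend page. If the template prints this value unescaped, as the commit subject implies, the fix is only partial. Since info.xml ships with an uploaded module or theme, it would be safer to drop the allow-list, `strip_tags((string) $theme->description)`, and HTML-escape the value where it is rendered, or to use an attribute-aware sanitiser if formatting has to be kept. The allow-list literal is not legible on this page (its tags were rendered away), and both function bodies continue outside the hunks.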