diff --git a/protected/humhub/modules/space/widgets/FollowButton.php b/protected/humhub/modules/space/widgets/FollowButton.php
index 2bf3045faf..4e3e0ed616 100644
--- a/protected/humhub/modules/space/widgets/FollowButton.php
+++ b/protected/humhub/modules/space/widgets/FollowButton.php
@@ -118,7 +118,7 @@ public function run()
// Confirm action "Unfollow"
$this->unfollowOptions['data-action-confirm'] = Yii::t('SpaceModule.base', 'Would you like to unfollow Space {spaceName}?', [
- '{spaceName}' => '' . $this->space->getDisplayName() . ''
+ '{spaceName}' => '' . Html::encode($this->space->getDisplayName()) . ''
]);
$module = Yii::$app->getModule('space');
diff --git a/protected/humhub/modules/space/widgets/MembershipButton.php b/protected/humhub/modules/space/widgets/MembershipButton.php
index e04115022a..0567ac583f 100644
--- a/protected/humhub/modules/space/widgets/MembershipButton.php
+++ b/protected/humhub/modules/space/widgets/MembershipButton.php
@@ -12,6 +12,7 @@
use humhub\modules\space\models\Space;
use Yii;
use yii\helpers\ArrayHelper;
+use yii\helpers\Html;
use yii\helpers\Json;
/**
@@ -84,7 +85,7 @@ private function getDefaultOptions()
'attrs' => [
'data-action-click' => 'content.container.relationship',
'data-action-url' => $this->space->createUrl('/space/membership/revoke-membership'),
- 'data-action-confirm' => Yii::t('SpaceModule.base', 'Would you like to withdraw your request to join Space {spaceName}?', ['{spaceName}' => '' . $this->space->getDisplayName() . '']),
+ 'data-action-confirm' => Yii::t('SpaceModule.base', 'Would you like to withdraw your request to join Space {spaceName}?', ['{spaceName}' => '' . Html::encode($this->space->getDisplayName()) . '']),
'data-button-options' => Json::encode($this->options),
'data-ui-loader' => '',
'class' => 'btn btn-info active',
@@ -96,7 +97,7 @@ private function getDefaultOptions()
'attrs' => [
'data-action-click' => 'content.container.relationship',
'data-action-url' => $this->space->createUrl('/space/membership/revoke-membership'),
- 'data-action-confirm' => Yii::t('SpaceModule.base', 'Would you like to end your membership in Space {spaceName}?', ['{spaceName}' => '' . $this->space->getDisplayName() . '']),
+ 'data-action-confirm' => Yii::t('SpaceModule.base', 'Would you like to end your membership in Space {spaceName}?', ['{spaceName}' => '' . Html::encode($this->space->getDisplayName()) . '']),
'data-button-options' => Json::encode($this->options),
'data-ui-loader' => '',
'class' => 'btn btn-info active',
diff --git a/protected/humhub/modules/user/widgets/UserFollowButton.php b/protected/humhub/modules/user/widgets/UserFollowButton.php
index 8a1ba3a022..66eeed6e12 100644
--- a/protected/humhub/modules/user/widgets/UserFollowButton.php
+++ b/protected/humhub/modules/user/widgets/UserFollowButton.php
@@ -10,7 +10,6 @@
use Yii;
use yii\bootstrap\Html;
-use humhub\modules\friendship\models\Friendship;
/**
* UserFollowButton
@@ -113,7 +112,7 @@ public function run()
// Confirm action "Unfollow"
$this->unfollowOptions['data-action-confirm'] = Yii::t('SpaceModule.base', 'Would you like to unfollow {userName}?', [
- '{userName}' => '' . $this->user->getDisplayName() . ''
+ '{userName}' => '' . Html::encode($this->user->getDisplayName()) . ''
]);
$module = Yii::$app->getModule('user');