From d0fd404730a34712c7b01207708a5a74c8b39e08 Mon Sep 17 00:00:00 2001
From: lethanhphuc <31820707+noobpk@users.noreply.github.com>
Date: Mon, 29 Nov 2021 12:30:35 +0700
Subject: [PATCH] Add `htmlspecialchars` function for nameTag Fix bug stored XSS in Tags Disclosure: https://huntr.dev/bounties/a11bca75-f8a8-449d-82cd-d463bfd84f72
---
 packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php b/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php
index 6e6583e9..8023bb80 100644
--- a/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php
+++ b/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php
@@ -91,7 +91,7 @@ public function addColumns()
 $html = '';
- return $html . $row->name;
+ return $html . htmlspecialchars($row->name);
 },
 ]);
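Review bot: The added `htmlspecialchars($row->name)` call relies on PHP's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so the output is only safe while the name lands in element text and never inside a single-quoted attribute. Passing the flags and charset explicitly makes the escaping independent of the runtime version: `return $html . htmlspecialchars($row->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The closure opens outside this hunk, so whether `$html` is built from other row fields cannot be checked here; any such field would need the same encoding before it is concatenated. Because this closes a stored-XSS report, a regression test that saves a tag name containing markup and asserts the grid cell comes back entity-encoded would keep the fix from being undone, and other places that print tag names deserve the same check.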