From 8383376f1355812e09ec0c2af67f6d46891b7ba7 Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Mon, 17 Oct 2022 11:52:41 -0500
Subject: [PATCH] Fix XSS when deleting device and port groups

---
 app/Http/Controllers/DeviceGroupController.php | 2 +-
 app/Http/Controllers/PortGroupController.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/DeviceGroupController.php b/app/Http/Controllers/DeviceGroupController.php
index 2ad5ae479ed0..5375a7366db5 100644
--- a/app/Http/Controllers/DeviceGroupController.php
+++ b/app/Http/Controllers/DeviceGroupController.php
@@ -182,7 +182,7 @@ public function destroy(DeviceGroup $deviceGroup)
         }
         $deviceGroup->delete();
 
-        $msg = __('Device Group :name deleted', ['name' => $deviceGroup->name]);
+        $msg = __('Device Group :name deleted', ['name' => htmlentities($deviceGroup->name)]);
 
         return response($msg, 200);
     }
diff --git a/app/Http/Controllers/PortGroupController.php b/app/Http/Controllers/PortGroupController.php
index 4ce7bb48bb51..ae0961206d07 100644
--- a/app/Http/Controllers/PortGroupController.php
+++ b/app/Http/Controllers/PortGroupController.php
@@ -110,7 +110,7 @@ public function destroy(PortGroup $portGroup)
     {
         $portGroup->delete();
 
-        $msg = __('Port Group :name deleted', ['name' => $portGroup->name]);
+        $msg = __('Port Group :name deleted', ['name' => htmlentities($portGroup->name)]);
 
         return response($msg, 200);
     }