From 82152fadb649c403a640e52b61866a3942018dee Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra <timotheus.pokorra@solidcharity.com>
Date: Fri, 29 Oct 2021 20:56:38 +0200
Subject: [PATCH] fixing cross site issue

related to #630
---
 js-client/src/lib/tpl.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js-client/src/lib/tpl.js b/js-client/src/lib/tpl.js
index 94f5b2a46f..291a3e1bea 100644
--- a/js-client/src/lib/tpl.js
+++ b/js-client/src/lib/tpl.js
@@ -5,7 +5,7 @@
 //       Christopher Jäkel <cj@tbits.net>
 //
 // Copyright 2017-2018 by TBits.net
-// Copyright 2019-2020 by SolidCharity.com
+// Copyright 2019-2021 by SolidCharity.com
 //
 // This file is part of OpenPetra.
 //
@@ -471,7 +471,7 @@ function insertData(o, d, to_string=false, currencyCode="EUR", limit_to_table=''
             f.text( printCurrency(v, currencyCode) );
           }
         } else if ( ["SPAN","SUB","H1","H2"].indexOf(f.prop("tagName")) > -1 ) {
-          f.html( v );
+          f.html( v.replace('<', '&lt;').replace('>', '&gt;') );
         } else {
           f.val( v );
         }