From 1e7a823f60ec81f8f35df86d29c6a1b86c947902 Mon Sep 17 00:00:00 2001
From: dpahuja
Date: Thu, 27 Jan 2022 10:46:16 +0100
Subject: [PATCH] [Customer Automation Rules ]Escape Rule fields
---
 src/Controller/Admin/RulesController.php | 6 +++---
 src/Resources/public/js/config/rule.js | 8 +++++---
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/Controller/Admin/RulesController.php b/src/Controller/Admin/RulesController.php
index eef26c7b..652a9a40 100644
--- a/src/Controller/Admin/RulesController.php
+++ b/src/Controller/Admin/RulesController.php
@@ -48,11 +48,11 @@ public function listAction(Request $request)
 $json[] = [
 'iconCls' => $icon,
 'id' => $rule->getId(),
- 'text' => $rule->getName(),
+ 'text' => htmlspecialchars($rule->getName()),
 'leaf' => true,
 'qtipCfg' => [
- 'title' => $title,
- 'text' => $rule->getDescription(),
+ 'title' => htmlspecialchars($title),
+ 'text' => htmlspecialchars($rule->getDescription()),
 ],
 ];
 }
diff --git a/src/Resources/public/js/config/rule.js b/src/Resources/public/js/config/rule.js
index ab289380..4e4f04e1 100644
--- a/src/Resources/public/js/config/rule.js
+++ b/src/Resources/public/js/config/rule.js
@@ -38,7 +38,7 @@ pimcore.plugin.cmf.config.rule = Class.create({
 this.tabPanel = new Ext.TabPanel({
 activeTab: 0,
- title: rule.name,
+ title: Ext.util.Format.htmlEncode(rule.name),
 closable: true,
 deferredRender: false,
 forceLayout: true,
@@ -119,14 +119,16 @@ pimcore.plugin.cmf.config.rule = Class.create({
 name: "name",
 fieldLabel: t("name"),
 width: 350,
- value: this.rule.name
+ value: this.rule.name,
+ renderer: Ext.util.Format.htmlEncode
 }, {
 xtype: "textarea",
 name: "description",
 fieldLabel: t("description"),
 width: 500,
 height: 100,
- value: this.rule.description
+ value: this.rule.description,
+ renderer: Ext.util.Format.htmlEncode
 }, {
 xtype: "checkbox",
 name: "active",
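Review bot: `htmlspecialchars($rule->getDescription())` in the `qtipCfg` entry of `listAction` receives `null` whenever a rule has no description (assuming the getter is nullable, which this hunk does not show), and PHP 8.1 reports that as a deprecation; casting first, `htmlspecialchars((string) $rule->getDescription(), ENT_QUOTES, 'UTF-8')`, avoids it. Passing `ENT_QUOTES` explicitly also matters on PHP versions before 8.1, where the default flags leave single quotes unescaped, which is relevant if the tooltip text ever ends up inside a single-quoted attribute. The same form applies to the `'text'` and `'title'` lines. `$title` is built above the hunk, so whether it is meant to carry markup of its own cannot be checked from here.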
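Review bot: Encoding `rule.name` in the `Ext.TabPanel` config (the `-38,7` hunk of `rule.js`) covers only the initial title; any later `setTitle(...)` with the saved name elsewhere in this class, which is not visible in the hunk, needs the same `Ext.util.Format.htmlEncode(...)` call or the raw name is rendered as HTML again. Because this commit also escapes names server-side in `listAction`, a short comment such as `// title is rendered as HTML; rule.name is raw here, so encode at the sink` would record which layer owns the encoding and guard against double-encoding if the data source changes.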
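Review bot: The two `renderer: Ext.util.Format.htmlEncode` lines added in the `-119,14` hunk of `rule.js` probably have no effect. As far as I know `renderer` is a config of display fields and grid columns, not of editable text inputs such as the `textarea` here (the xtype of the `name` field sits above the hunk), and an input's value is assigned to the element rather than parsed as HTML. If the config did take effect, the user would edit and save the encoded form (`&lt;` instead of `<`), which would then be encoded a second time on output. I would drop both `renderer` lines, keep `value: this.rule.name` and `value: this.rule.description` raw, and leave escaping to the places that render these strings as markup. The surrounding form definition starts and ends outside the hunk.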