diff --git a/src/Controller/ConfigController.php b/src/Controller/ConfigController.php
index 2a56a61e..286ba4e6 100644
--- a/src/Controller/ConfigController.php
+++ b/src/Controller/ConfigController.php
@@ -93,7 +93,7 @@ public function listAction(Request $request): JsonResponse
 if (empty($groups[$item->getGroup()])) {
 $groups[$item->getGroup()] = [
 'id' => 'group_' . $item->getName(),
- 'text' => $item->getGroup(),
+ 'text' => htmlspecialchars($item->getGroup()),
 'expandable' => true,
 'leaf' => false,
 'allowChildren' => true,
diff --git a/src/Resources/public/js/configuration/graphql/configItem.js b/src/Resources/public/js/configuration/graphql/configItem.js
index 30fb2a68..1f181060 100644
--- a/src/Resources/public/js/configuration/graphql/configItem.js
+++ b/src/Resources/public/js/configuration/graphql/configItem.js
@@ -34,6 +34,9 @@ pimcore.plugin.datahub.configuration.graphql.configItem = Class.create(pimcore.e
 componentCls: 'plugin_pimcore_datahub_statusbar',
 itemId: 'footer'
 },
+ defaults: {
+ renderer: Ext.util.Format.htmlEncode
+ },
 });
 //create sub panels after main panel is generated - to be able to reference it in sub panels
diff --git a/src/Resources/public/js/workspace/abstract.js b/src/Resources/public/js/workspace/abstract.js
index 78b6c5c1..49d93fcc 100644
--- a/src/Resources/public/js/workspace/abstract.js
+++ b/src/Resources/public/js/workspace/abstract.js
@@ -30,7 +30,8 @@ pimcore.plugin.datahub.workspace.abstract = Class.create({
 var typesColumns = [
 {text: t("path"), flex: 1, sortable: false, dataIndex: 'cpath',
 editor: new Ext.form.TextField({}),
- tdCls: "pimcore_property_droptarget"
+ tdCls: "pimcore_property_droptarget",
+ renderer: Ext.util.Format.htmlEncode
 }
 ];
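Review bot: `htmlspecialchars($item->getGroup())` on the new `'text'` line relies on the default flags and charset, which differ between PHP versions (before PHP 8.1 the default flag was `ENT_COMPAT`, which leaves single quotes unescaped). Passing them explicitly keeps the encoding identical on every runtime: `'text' => htmlspecialchars($item->getGroup(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),`. The `'id'` built from `$item->getName()` one line above is still emitted raw, and listAction's body continues outside the hunk, so it is worth checking whether the `text` of the per-configuration child entries is encoded the same way.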
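Review bot: The added `defaults: { renderer: Ext.util.Format.htmlEncode }` may not encode anything, because in Ext JS a container's `defaults` only copies the given config onto each child item, and `renderer` is a config of grid columns and display fields rather than of panels. The container type is not visible in this hunk, but the comment below it says sub panels are added to this component, and a panel would presumably ignore a `renderer` config. If that is the case, the renderer belongs on the individual columns or fields inside those sub panels that display user-supplied values, the way the workspace/abstract.js hunk of this commit sets `renderer: Ext.util.Format.htmlEncode` on the `cpath` column.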
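Review bot: The new `renderer: Ext.util.Format.htmlEncode` on the `cpath` column deserves a one-line comment saying why it is there, so that it is not dropped in a later column refactor: `// cpath comes from user input (inline editor); encode it before it is written into the cell markup`. The renderer only changes how this grid displays the value; the stored path stays raw, so any other view or response that prints `cpath` still has to encode it itself. The `typesColumns` array and the enclosing method continue outside the hunk, so columns added to it elsewhere are not visible here.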