diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/element/properties.js b/bundles/AdminBundle/Resources/public/js/pimcore/element/properties.js
index fc06ee0d432..461a0f13e6b 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/element/properties.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/element/properties.js
@@ -439,7 +439,7 @@ pimcore.element.properties = Class.create({
getTypeRenderer: function (value, metaData, record, rowIndex, colIndex, store) {
- return '
';
+ return '
';
},
getCellRenderer: function (value, metaData, record, rowIndex, colIndex, store) {
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js b/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
index dc2654f8ddc..ed62175193b 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/notification/helper.js
@@ -76,8 +76,8 @@ pimcore.notification.helper.showNotifications = function (notifications) {
});
var notification = Ext.create('Ext.window.Toast', {
iconCls: 'pimcore_icon_' + row.type,
- title: row.title,
- html: row.message,
+ title: Ext.util.Format.htmlEncode(row.title),
+ html: Ext.util.Format.htmlEncode(row.message),
autoShow: true,
width: 400,
height: 150,
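Review bot: `iconCls: 'pimcore_icon_' + row.type` still concatenates a field from the same notification row into a class string, although `title` and `message` are now encoded. The same applies to `'pimcore_icon_' + type` in the openDetailsWindow hunk below. Whether this matters depends on how Ext writes `iconCls` into the header markup and on whether the server restricts `type` to a fixed set; neither is visible here, so treat it as something to confirm, not a certain defect. If `type` is not constrained, reducing it to a safe character set before building the class name would close the gap, e.g. `iconCls: 'pimcore_icon_' + String(row.type).replace(/[^a-z0-9_-]/gi, '')`. Both enclosing functions start and end outside their hunks.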
@@ -136,8 +136,8 @@ pimcore.notification.helper.openDetailsWindow = function (id, title, message, ty
var notification = new Ext.Window({
modal: true,
iconCls: 'pimcore_icon_' + type,
- title: title,
- html: message,
+ title: Ext.util.Format.htmlEncode(title),
+ html: Ext.util.Format.htmlEncode(message),
autoShow: true,
width: 700,
height: 350,
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/notification/panel.js b/bundles/AdminBundle/Resources/public/js/pimcore/notification/panel.js
index c771ae78a78..2e1e87610c3 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/notification/panel.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/notification/panel.js
@@ -79,13 +79,14 @@ pimcore.notification.panel = Class.create({
dataIndex: 'title',
renderer: function (val, metaData, record, rowIndex, colIndex, store) {
var read = parseInt(store.getAt(rowIndex).get("read"));
+ val = Ext.util.Format.htmlEncode(val);
if (read == 0) {
return '' + val + ''; // css style need to be added
}
return val;
}
},
- {header: t("sender"), flex: 2, sortable: false, dataIndex: 'sender'},
+ {header: t("sender"), flex: 2, sortable: false, dataIndex: 'sender', renderer: Ext.util.Format.htmlEncode},
{header: t("date"), flex: 3, sortable: true, filter: 'date', dataIndex: 'date'},
{
header: t("attachment"),
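Review bot: The `date` column on the line after the patched `sender` column still has no renderer. The column definitions also continue past the end of this hunk, starting with `attachment`, so the grid may still write some record fields into cells without encoding. If `date` is always formatted server-side from a stored timestamp this is harmless, but adding `renderer: Ext.util.Format.htmlEncode` there as well would make every text column consistent. In the title renderer, encoding `val` before it is wrapped in markup is the right order. A short comment such as `// encode first: cell content is inserted as HTML` would keep a later edit from moving it below the wrapping.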