diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/date.js b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/date.js index 1892300d54f..3d7249c6e81 100644 --- a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/date.js +++ b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/date.js @@ -113,7 +113,8 @@ pimcore.asset.metadata.tags.date = Class.create(pimcore.asset.metadata.tags.abst } return Ext.Date.format(value, "Y-m-d"); } - return value; + + return Ext.util.Format.htmlEncode(value); }, marshal: function(value) { diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/manyToOneRelation.js b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/manyToOneRelation.js index ccfbf1a93be..78b748e2e4a 100644 --- a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/manyToOneRelation.js +++ b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/manyToOneRelation.js @@ -251,7 +251,7 @@ pimcore.asset.metadata.tags.manyToOneRelation = Class.create(pimcore.asset.metad getGridCellRenderer: function(value, metaData, record, rowIndex, colIndex, store) { if (value) { - value = nl2br(value); + value = nl2br(Ext.util.Format.htmlEncode(value)); } else { value = ""; } diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/textarea.js b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/textarea.js index 0a38a2cee51..e65497d301b 100644 --- a/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/textarea.js +++ b/bundles/AdminBundle/Resources/public/js/pimcore/asset/metadata/tags/textarea.js @@ -107,7 +107,7 @@ pimcore.asset.metadata.tags.textarea = Class.create(pimcore.asset.metadata.tags. getGridCellRenderer: function(value, metaData, record, rowIndex, colIndex, store) { if (value) { - return nl2br(value); + return nl2br(Ext.util.Format.htmlEncode(value)); } else { return ""; }