From 832c34aeb9f21f213295a0c28377132df996352a Mon Sep 17 00:00:00 2001
From: Jia Jia Ji
Date: Wed, 26 Jan 2022 14:08:27 +0100
Subject: [PATCH] added escape function to the icon field
---
 .../AdminBundle/Controller/Admin/DataObject/ClassController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php b/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
index 84582a8c58f..93339ef2069 100644
--- a/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
+++ b/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
@@ -119,7 +119,7 @@ public function getTreeAction(Request $request)
 'id' => $class->getId(),
 'text' => $text,
 'leaf' => true,
- 'icon' => $class->getIcon() ? $class->getIcon() : $defaultIcon,
+ 'icon' => $class->getIcon() ? htmlspecialchars($class->getIcon()) : $defaultIcon,
 'cls' => 'pimcore_class_icon',
 'propertyVisibility' => $class->getPropertyVisibility(),
 'enableGridLocking' => $class->isEnableGridLocking(),
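Review bot: The added `htmlspecialchars($class->getIcon())` on the `'icon'` entry relies on the function's default flags, and before PHP 8.1 those defaults (`ENT_COMPAT`) leave single quotes unescaped, so a value placed into a single-quoted attribute on the client side would still not be neutralised. Passing the flags explicitly makes the result independent of the runtime version: `'icon' => $class->getIcon() ? htmlspecialchars($class->getIcon(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : $defaultIcon,`. Encoding on read also does not constrain what the stored value is, so if the icon is meant to be a path or URL it is worth validating it where the class definition is saved; any other consumers of `getIcon()` are not visible here and would stay unescaped. The enclosing `getTreeAction` starts and ends outside the hunk, so how `$text` is built, and whether it is encoded before being sent, cannot be confirmed from these lines.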