From 8ab06bfbb5a05a1b190731d9c7476ec45f5ee878 Mon Sep 17 00:00:00 2001
From: JiaJia Ji <kingjia90@gmail.com>
Date: Wed, 2 Mar 2022 20:06:51 +0100
Subject: [PATCH] escaping fields in SERP preview

---
 .../Resources/public/js/pimcore/document/pages/settings.js    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/document/pages/settings.js b/bundles/AdminBundle/Resources/public/js/pimcore/document/pages/settings.js
index f14c6d28513..3737778b115 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/document/pages/settings.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/document/pages/settings.js
@@ -79,8 +79,8 @@ pimcore.document.pages.settings = Class.create(pimcore.document.settings_abstrac
             var updateSerpPreview = function () {
 
                 var metaPanel = this.layout.getComponent("metaDataPanel");
-                var title = metaPanel.getComponent("title").getValue();
-                var description = metaPanel.getComponent("description").getValue();
+                var title = htmlspecialchars(metaPanel.getComponent("title").getValue());
+                var description = htmlspecialchars(metaPanel.getComponent("description").getValue());
 
                 var truncate = function( text, n ){
                     if (text.length <= n) { return text; }