From b5a9ad65e5a4dde1916f02019f8686ad835681ce Mon Sep 17 00:00:00 2001
From: dpahuja <divesh.pahuja@pimcore.com>
Date: Mon, 7 Feb 2022 15:23:39 +0100
Subject: [PATCH] [Admin] DataObject - Escape class definitions group properly

---
 .../Controller/Admin/DataObject/ClassController.php           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php b/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
index ac818bca628..a041274b7b3 100644
--- a/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
+++ b/bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php
@@ -861,7 +861,7 @@ public function fieldcollectionTreeAction(Request $request, EventDispatcherInter
                 if (!isset($groups[$item->getGroup()])) {
                     $groups[$item->getGroup()] = [
                         'id' => 'group_' . $item->getKey(),
-                        'text' => $item->getGroup(),
+                        'text' => htmlspecialchars($item->getGroup()),
                         'expandable' => true,
                         'leaf' => false,
                         'allowChildren' => true,
@@ -1266,7 +1266,7 @@ public function objectbrickTreeAction(Request $request, EventDispatcherInterface
                 if (!isset($groups[$item->getGroup()])) {
                     $groups[$item->getGroup()] = [
                         'id' => 'group_' . $item->getKey(),
-                        'text' => $item->getGroup(),
+                        'text' => htmlspecialchars($item->getGroup()),
                         'expandable' => true,
                         'leaf' => false,
                         'allowChildren' => true,