diff --git a/phpmyfaq/admin/assets/js/tags.js b/phpmyfaq/admin/assets/js/tags.js
index 1cc214cacb..87e4f75337 100644
--- a/phpmyfaq/admin/assets/js/tags.js
+++ b/phpmyfaq/admin/assets/js/tags.js
@@ -36,6 +36,10 @@ document.addEventListener('DOMContentLoaded', () => {
 const tag = input.val();
 const csrf = $('input[name=csrf]').val();
+ const escape = (unsafe) => {
+ return unsafe.replaceAll('&', '&').replaceAll('<', '<').replaceAll('>', '>').replaceAll('"', '"').replaceAll("'", ''');
+ }
+
 $.ajax({
 url: 'index.php?action=ajax&ajax=tags&ajaxaction=update',
 type: 'POST',
@@ -47,7 +51,7 @@ document.addEventListener('DOMContentLoaded', () => {
 );
 },
 success: function (message) {
- input.replaceWith('' + input.val().replace(/\//g, '/') + '');
+ input.replaceWith('' + escape(input.val().replace(/\//g, '/')) + '');
 $('span[data-tag-id="' + id + '"]');
 $('#pmf-admin-saving-data-indicator').html(message);
 },
diff --git a/phpmyfaq/admin/tags.php b/phpmyfaq/admin/tags.php
index 6122e75c82..ceb2b941ec 100644
--- a/phpmyfaq/admin/tags.php
+++ b/phpmyfaq/admin/tags.php
@@ -55,7 +55,7 @@
 $tagData = $tags->getAllTags();
- if (count($tagData)) {
+ if (count($tagData) === 0) {
 printf('', $PMF_LANG['ad_news_nodata']);
 }
@@ -64,7 +64,7 @@
 foreach ($tagData as $key => $tag) {
 echo '';
- echo '' . Strings::htmlspecialchars($tag) . '';
+ echo '' . Strings::htmlentities($tag) . '';
 printf(
 '' .
 '',
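Review bot: As rendered here, every replacement string in the new `escape` helper is identical to the character it replaces (`replaceAll('&', '&')` and so on), which would make the helper a no-op; presumably the real source uses the HTML entity names and the page rendering decoded them, but that is worth confirming, and the `&` replacement must stay first so the entities produced by the later calls are not encoded a second time. Manual escaping is only needed because the success handler further down builds markup by string concatenation; creating the replacement element with jQuery and setting its content via `.text()` would make the helper unnecessary. If the helper stays, it is currently recreated inside the event handler on every update, so hoist it to module scope, terminate the arrow assignment with `};`, and give it a one-line comment such as `// Escape user-supplied tag text before it is interpolated into HTML`. The enclosing DOMContentLoaded handler starts before this hunk.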
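Review bot: `escape()` is applied after the inner `.replace(/\//g, '/')`, so if that inner replacement string is really an HTML entity (the page shows a plain slash, which would be a no-op, so its actual value cannot be confirmed here), its ampersand is encoded again by `escape()` and the entity ends up displayed literally; either escape first or drop the slash rewrite. Building the element instead of the string avoids both the ordering question and the hand-written escaper: `input.replaceWith($('<span>', { 'data-tag-id': id, text: input.val() }));` — the exact element and attributes were stripped from this page, so adapt that to the original markup. The next line, `$('span[data-tag-id="' + id + '"]');`, selects an element and discards the result; it is dead code and should be removed or given a comment explaining what it is meant to do. The `$.ajax` call this handler belongs to starts before the hunk.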
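Review bot: The corrected check `if (count($tagData) === 0)` prints the no-data notice but does not stop the page from continuing to render the tag table below it; the `foreach` in the next hunk simply runs over an empty array, and the table markup between the two hunks is not visible here, so the visual effect is inferred. Consider returning after the `printf` or wrapping the table in an `else`. `count()` throws a TypeError on PHP 8 if `getAllTags()` ever returns something other than an array; unless its return type is declared as `array`, `if ($tagData === [])` is the safer spelling. The notice also reuses the news-page key `ad_news_nodata`; a tags-specific language key would read better.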