diff --git a/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php b/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
index 2757c56a5..9da5c29ce 100644
--- a/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
+++ b/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
@@ -78,7 +78,7 @@ protected function formatPage(PageEntity $entity): string
return $this->translator->trans(
'%title%',
[
- '%title%' => $entity->getTitle(),
+ '%title%' => htmlspecialchars($entity->getTitle()),
],
'page'
);
@@ -92,7 +92,7 @@ protected function formatContentItem(ContentItemEntity $entity): string
return $this->translator->trans(
'%owningType%',
[
- '%owningType%' => $entity->getOwningType(),
+ '%owningType%' => htmlspecialchars($entity->getOwningType()),
],
'contentItem'
);
diff --git a/templates/bundles/ZikulaContentModule/Page/view.html.twig b/templates/bundles/ZikulaContentModule/Page/view.html.twig
index 840d8dd9f..ec763f935 100644
--- a/templates/bundles/ZikulaContentModule/Page/view.html.twig
+++ b/templates/bundles/ZikulaContentModule/Page/view.html.twig
@@ -101,7 +101,7 @@
{{ page.workflowState|zikulacontentmodule_objectState }}
{% endif %}|
- {{ page.title|notifyFilters('zikulacontentmodule.filterhook.pages')|safeHtml }}
+ {{ page.title|notifyFilters('zikulacontentmodule.filterhook.pages')|safeHtml|e }}
|
{% if countPageViews %}
|