From 14ee49c29cab8874b0ee9858b8243d3f5f095694 Mon Sep 17 00:00:00 2001
From: Axel Guckelsberger
Date: Mon, 20 Sep 2021 07:40:30 +0200
Subject: [PATCH] sanitize entity title attributes
---
 .../ContentModule/Helper/Base/AbstractEntityDisplayHelper.php | 4 ++--
 templates/bundles/ZikulaContentModule/Page/view.html.twig | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php b/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
index 2757c56a5..9da5c29ce 100644
--- a/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
+++ b/src/extensions/Zikula/ContentModule/Helper/Base/AbstractEntityDisplayHelper.php
@@ -78,7 +78,7 @@ protected function formatPage(PageEntity $entity): string
 return $this->translator->trans(
 '%title%',
 [
- '%title%' => $entity->getTitle(),
+ '%title%' => htmlspecialchars($entity->getTitle()),
 ],
 'page'
 );
@@ -92,7 +92,7 @@ protected function formatContentItem(ContentItemEntity $entity): string
 return $this->translator->trans(
 '%owningType%',
 [
- '%owningType%' => $entity->getOwningType(),
+ '%owningType%' => htmlspecialchars($entity->getOwningType()),
 ],
 'contentItem'
 );
diff --git a/templates/bundles/ZikulaContentModule/Page/view.html.twig b/templates/bundles/ZikulaContentModule/Page/view.html.twig
index 840d8dd9f..ec763f935 100644
--- a/templates/bundles/ZikulaContentModule/Page/view.html.twig
+++ b/templates/bundles/ZikulaContentModule/Page/view.html.twig
@@ -101,7 +101,7 @@
 {{ page.workflowState|zikulacontentmodule_objectState }} {% endif %}
- {{ page.title|notifyFilters('zikulacontentmodule.filterhook.pages')|safeHtml }}
+ {{ page.title|notifyFilters('zikulacontentmodule.filterhook.pages')|safeHtml|e }}
 {% if countPageViews %}
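Review bot: The new `htmlspecialchars()` call in formatPage, and the identical one in formatContentItem in the next hunk, relies on the function's default flags. Before PHP 8.1 that default is ENT_COMPAT, which leaves single quotes unencoded, so a title placed in a single-quoted attribute would still break out of it. Passing the flags and charset explicitly removes the dependency on the runtime version: `'%title%' => htmlspecialchars($entity->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),`. Because the helper now returns HTML-encoded text, any caller that prints it through Twig autoescaping would presumably show double-encoded entities, so a docblock line such as `Returns an HTML-encoded string; callers must not escape it again.` belongs on both methods. Both method bodies begin and end outside the hunks, so the nullability of the getters could not be checked here.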
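Review bot: In view.html.twig the title now runs through `safeHtml` and then `e`. Any markup that `safeHtml` lets through, and anything a hook on `zikulacontentmodule.filterhook.pages` adds, is therefore entity-encoded and shown as literal text, which makes the `safeHtml` step redundant. If the title is meant to be plain text, `{{ page.title|notifyFilters('zikulacontentmodule.filterhook.pages')|e }}` states that directly, and a comment such as `{# title is plain text; hook output is escaped on purpose #}` records the decision. The surrounding markup is not visible in this hunk, so it needs checking whether the value lands in element content or inside an attribute, where `e('html_attr')` is the matching strategy.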