correct description sanitizing for text escape strategy

zikula-modules · Sep 18, 2021 · a91ad18 · a91ad18
1 parent 0171d4f
commit a91ad18
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Twig/TwigExtension.php b/Twig/TwigExtension.php
@@ -202,7 +202,7 @@ public function escapeDescription($entity)
             case 'raw':
                 return $description;
             case 'text':
-                return nl2br(htmlentities($description));
+                return nl2br(htmlspecialchars($description));
             case 'markdown':
                 return $this->markdownExtra->transform($description);
             default: