Fix XSS, prevent their storage
[galette.git] / galette / templates / default / gestion_intitule_content.tpl
index ee9f05a0995d0e9e61300214a847166b09f5ef10..a6cfa2a85eb696b6302ceb83f95cd9650a40f35e 100644 (file)
@@ -57,7 +57,7 @@
                     {$eid}
                     <span class="row-title">
                         <a href="{path_for name="editEntitled" data=["class" => $url_class, "action" => "edit", "id" => $eid]}">
-                            {_T string="%s field" pattern="/%s/" replace=$entry.name}
+                            {_T string="%s field" pattern="/%s/" replace=$entry.name|escape}
                         </a>
                     </span>
                 </td>
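Review bot: Escaping `$entry.name` at each `{_T ... replace=}` call site, here and in the two `sr-only` spans of the next hunk, is easy to miss on the next template edit, and any new call that passes user-supplied text without the modifier would render it as markup again. If the `_T` plugin cannot escape its `replace` argument itself (its code is not visible here), a template comment near the first use would at least record the rule, e.g. `{* $entry.name is user input: always pass it through |escape *}`. The commit title suggests values are also sanitised before storage; if that step entity-encodes them, this output-side escape could double-encode, so a name containing `&` or `<` is worth checking in the rendered list. `{$eid}` at the top of the hunk is still printed without a modifier, which is fine only if it is always a numeric id; that should be confirmed against the caller.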
                         class="action tooltip"
                     >
                         <i class="fas fa-edit fa-fw"></i>
-                        <span class="sr-only">{_T string="Edit '%s' field" pattern="/%s/" replace=$entry.name}</span>
+                        <span class="sr-only">{_T string="Edit '%s' field" pattern="/%s/" replace=$entry.name|escape}</span>
                     </a>
                     <a
                         href="{path_for name="removeEntitled" data=["class" => $url_class, "id" => $eid]}"
                         class="delete tooltip"
                     >
                         <i class="fas fa-trash fa-fw"></i>
-                        <span class="sr-only">{_T string="Delete '%s' field" pattern="/%s/" replace=$entry.name}</span>
+                        <span class="sr-only">{_T string="Delete '%s' field" pattern="/%s/" replace=$entry.name|escape}</span>
                     </a>
                 </td>
             </tr>