Fix html parsing on markdown editor

Closes #4243
2019-07-23 01:26:03 -03:00
parent 97aa9e47e0
commit 21a3634fd1
3 changed files with 3 additions and 3 deletions
--- a/app/Helper/FormHelper.php
+++ b/app/Helper/FormHelper.php
@@ -232,7 +232,7 @@ class FormHelper extends Base
        }

        $html = '<div class="js-text-editor" data-params=\''.json_encode($params, JSON_HEX_APOS).'\'>';
-        $html .= '<script type="text/template">'.(isset($values[$name]) ? $values[$name] : '').'</script>';
+        $html .= '<script type="text/template">'.(isset($values[$name]) ? htmlspecialchars($values[$name], ENT_QUOTES, 'UTF-8', true) : '').'</script>';
        $html .= '</div>';
        $html .= $this->errorList($errors, $name);