From 3824e6e9aa29017e96caae10670546db85dd9ed7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?=
Date: Fri, 6 Jan 2023 21:02:44 +0100
Subject: [PATCH] Fix potential XSS on the Settings / API page
The CSP policy already prevent the execution of inline Javascript.
---
app/Template/config/api.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Template/config/api.php b/app/Template/config/api.php
index 9a3b06ce4..d194e3529 100644
--- a/app/Template/config/api.php
+++ b/app/Template/config/api.php
@@ -9,7 +9,7 @@
  •
- url->base().'jsonrpc.php' ?>
+ text->e($this->url->base()).'jsonrpc.php' ?>
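Review bot: The escape on the added line is applied at this one call site only, so any other template under app/Template that echoes `$this->url->base()` raw would keep the same exposure; since the commit treats the base URL as untrusted, either audit those call sites or do the encoding inside the helper. On this line I would wrap the whole expression, `$this->text->e($this->url->base().'jsonrpc.php')`, so a later change to the suffix cannot bypass the encoder. The surrounding markup is not visible in the hunk; if the value lands in a quoted attribute, confirm that `text->e()` encodes both quote characters. The CSP mentioned in the commit message limits script execution but not markup or attribute injection, so the output encoding is needed regardless.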