Fix further instances of unescaped browse body

Daniel-KM · Nov 9, 2020 · 7600c9f · 7600c9f
1 parent a1f8770
commit 7600c9f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/application/view/common/block-layout/browse-preview.phtml b/application/view/common/block-layout/browse-preview.phtml
@@ -1,5 +1,6 @@
 <?php
 $translate = $this->plugin('translate');
+$escape = $this->plugin('escapeHtml');
 ?>
 <div class="preview-block">
 
@@ -28,7 +29,7 @@ foreach ($this->resources as $resource):
             echo '<h4>' . $resource->link($heading) . '</h4>';
         endif;?>
         <?php if ($showBody && $body): ?>
-        <div class="description"><?php echo $body; ?></div>
+        <div class="description"><?php echo $escape($body); ?></div>
         <?php endif; ?>
     </li>
 <?php endforeach; ?>

diff --git a/application/view/omeka/site/item-set/browse.phtml b/application/view/omeka/site/item-set/browse.phtml
@@ -29,7 +29,7 @@ foreach ($itemSets as $itemSet):
         <?php endif; ?>
         <h4><?php echo $itemSet->link($heading); ?></h4>
         <?php if ($body): ?>
-        <div class="description"><?php echo $body; ?></div>
+        <div class="description"><?php echo $escape($body); ?></div>
         <?php endif; ?>
     </li>
 <?php endforeach; ?>