Merge pull request #201 from silverstripe/pulls/2.0/escape-panel-keys
FIX Ensure actions panel keys and values have possible HTML escaped
This commit is contained in:
commit
82a8a4b142
|
@ -1320,6 +1320,9 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
|
||||||
. '<ul>';
|
. '<ul>';
|
||||||
|
|
||||||
foreach ($this->actionTasks as $panelKey => $title) {
|
foreach ($this->actionTasks as $panelKey => $title) {
|
||||||
|
$panelKey = Convert::raw2xml($panelKey);
|
||||||
|
$title = Convert::raw2xml($title);
|
||||||
|
|
||||||
$html .= '<li class="ss-ui-button dmsdocument-action" data-panel="' . $panelKey . '">'
|
$html .= '<li class="ss-ui-button dmsdocument-action" data-panel="' . $panelKey . '">'
|
||||||
. _t('DMSDocument.ACTION_' . strtoupper($panelKey), $title)
|
. _t('DMSDocument.ACTION_' . strtoupper($panelKey), $title)
|
||||||
. '</li>';
|
. '</li>';
|
||||||
|
|
Loading…
Reference in New Issue