[SECURITY] XSS in TCA Tree
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Tree / Renderer / ExtJsJsonTreeRenderer.php
index 626a564..8f49462 100644 (file)
@@ -76,6 +76,13 @@ class ExtJsJsonTreeRenderer extends \TYPO3\CMS\Backend\Tree\Renderer\AbstractTre
                        'id' => $node->getId(),
                        'uid' => $node->getId()
                );
+
+               foreach ($nodeArray as &$nodeItem) {
+                       if (is_string($nodeItem)) {
+                               $nodeItem = htmlspecialchars($nodeItem);
+                       }
+               }
+
                return $nodeArray;
        }