[SECURITY] XSS in TCA Tree
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Tree / Renderer / UnorderedListTreeRenderer.php
index 6d6276a..35c99d0 100644 (file)
@@ -50,7 +50,7 @@ class UnorderedListTreeRenderer extends \TYPO3\CMS\Backend\Tree\Renderer\Abstrac
         * @return string
         */
        public function renderNode(\TYPO3\CMS\Backend\Tree\TreeRepresentationNode $node, $recursive = TRUE) {
-               $code = '<li><span class="' . $node->getIcon() . '">&nbsp;</span>' . $node->getLabel();
+               $code = '<li><span class="' . htmlspecialchars($node->getIcon()) . '">&nbsp;</span>' . htmlspecialchars($node->getLabel());
                if ($recursive && $node->getChildNodes() !== NULL) {
                        $this->recursionLevel++;
                        $code .= $this->renderNodeCollection($node->getChildNodes());