Fixed an XSS vulnerability.

craftcms · Sep 11, 2023 · 0e1b814 · 0e1b814
1 parent 00fd913
commit 0e1b814
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 - Fixed a bug where emails were not being ordered by name correctly. ([#3263](https://github.com/craftcms/commerce/issues/3263))
+- Fixed an XSS vulnerability.
 
 ## 3.4.22.1 - 2023-06-03
 

diff --git a/src/elements/Product.php b/src/elements/Product.php
@@ -1303,7 +1303,7 @@ protected function tableAttributeHtml(string $attribute): string
         switch ($attribute) {
             case 'type':
             {
-                return ($productType ? Craft::t('site', $productType->name) : '');
+                return ($productType ? Craft::t('site', Html::encode($productType->name)) : '');
             }
             case 'defaultSku':
             {
@@ -1313,13 +1313,13 @@ protected function tableAttributeHtml(string $attribute): string
             {
                 $taxCategory = $this->getTaxCategory();
 
-                return ($taxCategory ? Craft::t('site', $taxCategory->name) : '');
+                return ($taxCategory ? Craft::t('site', Html::encode($taxCategory->name)) : '');
             }
             case 'shippingCategory':
             {
                 $shippingCategory = $this->getShippingCategory();
 
-                return ($shippingCategory ? Craft::t('site', $shippingCategory->name) : '');
+                return ($shippingCategory ? Craft::t('site', Html::encode($shippingCategory->name)) : '');
             }
             case 'defaultPrice':
             {