Adds esc_html for text being output

verticalgrain · Jan 28, 2020 · 5d6083f · 5d6083f
1 parent 8ce8957
commit 5d6083f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/cmb2-tabs.php b/cmb2-tabs.php
@@ -63,15 +63,15 @@ public function before_form( $cmb_id, $object_id, $object_type, $cmb ) {
                             $fields_selector = apply_filters( 'cmb2_tabs_tab_' . $tab['id'] . '_fields_selector', $fields_selector, $tab, $cmb_id, $object_id, $object_type, $cmb );
                             ?>
 
-                            <div id="<?php echo $cmb_id . '-tab-' . $tab['id']; ?>" class="cmb-tab" data-fields="<?php echo implode( ', ', $fields_selector ); ?>">
+                            <div id="<?php echo esc_html( $cmb_id ) . '-tab-' . esc_html( $tab['id'] ); ?>" class="cmb-tab" data-fields="<?php echo esc_html( implode( ', ', $fields_selector ) ); ?>">
 
                                 <?php if( isset( $tab['icon'] ) && ! empty( $tab['icon'] ) ) :
                                     $tab['icon'] = strpos($tab['icon'], 'dashicons') !== false ? 'dashicons ' . $tab['icon'] : $tab['icon']?>
-                                    <span class="cmb-tab-icon"><i class="<?php echo $tab['icon']; ?>"></i></span>
+                                    <span class="cmb-tab-icon"><i class="<?php echo esc_html( $tab['icon'] ); ?>"></i></span>
                                 <?php endif; ?>
 
                                 <?php if( isset( $tab['title'] ) && ! empty( $tab['title'] ) ) : ?>
-                                    <span class="cmb-tab-title"><?php echo $tab['title']; ?></span>
+                                    <span class="cmb-tab-title"><?php echo esc_html( $tab['title'] ); ?></span>
                                 <?php endif; ?>
                             </div>
                         <?php endforeach; ?>