From ba43e2c4e8224ec9e97b9764a98113d1d42e7488 Mon Sep 17 00:00:00 2001
From: "Daniel Cazalla (ZallaxDev)"
 <86362063+ZallaxDev@users.noreply.github.com>
Date: Mon, 9 Dec 2024 16:01:32 +0100
Subject: [PATCH] LTI: Added HTML escaping in confirmation screen

Added htmlspecialchars in ilLTIConsumerAdministrationGUI::confirmDeleteProviders
---
 .../classes/class.ilLTIConsumerAdministrationGUI.php            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php b/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
index 64f0627e577a..564e984df96b 100755
--- a/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
+++ b/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
@@ -785,7 +785,7 @@ protected function confirmDeleteProviders(array $providers, string $cancelComman
             $confirmationGUI->addItem(
                 'provider_ids[]',
                 (string) $provider->getId(),
-                $provider->getTitle(),
+                htmlspecialchars($provider->getTitle()),
                 $providerIcon
             );
         }