From 7ec160423ba826bf330354abaf636c8bfddbca23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20D=C3=ADaz?= <sauldiazdiaz210@gmail.com>
Date: Thu, 12 Dec 2024 13:23:44 +0100
Subject: [PATCH] HTML escaping

---
 .../classes/class.ilLTIConsumerSettingsFormGUI.php          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Modules/LTIConsumer/classes/class.ilLTIConsumerSettingsFormGUI.php b/Modules/LTIConsumer/classes/class.ilLTIConsumerSettingsFormGUI.php
index 4a51167e4584..3a59163ffb1b 100755
--- a/Modules/LTIConsumer/classes/class.ilLTIConsumerSettingsFormGUI.php
+++ b/Modules/LTIConsumer/classes/class.ilLTIConsumerSettingsFormGUI.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -18,6 +16,8 @@
  *
  *********************************************************************/
 
+declare(strict_types=1);
+
 /**
  * Class ilLTIConsumerSettingsFormGUI
  *
@@ -57,7 +57,7 @@ protected function initForm(string $formaction, string $saveCommand, string $can
 
         $item = new ilNonEditableValueGUI($DIC->language()->txt('provider_info'));
         $item->setValue($this->object->getProvider()->getTitle());
-        $item->setInfo($this->object->getProvider()->getDescription());
+        $item->setInfo(htmlspecialchars($this->object->getProvider()->getDescription()));
         $this->addItem($item);
 
         $item = new ilTextInputGUI($DIC->language()->txt('title'), 'title');