From 4e6b93686284cdd29c94c78eb00220692f9bfba9 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Tue, 9 Oct 2018 08:30:20 +0200
Subject: [PATCH] helpers/url: Properly escape image urls

---
 library/Icinga/Web/View/helpers/url.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/Icinga/Web/View/helpers/url.php b/library/Icinga/Web/View/helpers/url.php
index 390808e5c..0d1c83e74 100644
--- a/library/Icinga/Web/View/helpers/url.php
+++ b/library/Icinga/Web/View/helpers/url.php
@@ -77,7 +77,7 @@ $this->addHelperFunction('img', function ($url, $params = null, array $propertie
 
     return sprintf(
         '<img src="%s"%s />',
-        $view->url($url, $params),
+        $view->escape($view->url($url, $params)),
         $view->propertiesToString($properties)
     );
 });