Escape URLs of navigation items while rendering them

fixes #11091
2016-02-18 15:01:21 +01:00 · 2016-02-18 15:01:21 +01:00 · a83ab2c7cb
parent 2ec36667eb
commit a83ab2c7cb
1 changed files with 1 additions and 1 deletions
--- a/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php
+++ b/library/Icinga/Web/Navigation/Renderer/NavigationItemRenderer.php
@ -192,7 +192,7 @@ class NavigationItemRenderer
            $content = sprintf(
                '<a%s href="%s"%s>%s</a>',
                $this->view()->propertiesToString($item->getAttributes()),
-                $url,
+                $this->view()->escape($url),
                $this->renderTargetAttribute(),
                $label
            );