Escape URLs of navigation items while rendering them

fixes #11091
This commit is contained in:
Alexander A. Klimov 2016-02-18 15:01:21 +01:00
parent 2ec36667eb
commit a83ab2c7cb
1 changed files with 1 additions and 1 deletions

View File

@ -192,7 +192,7 @@ class NavigationItemRenderer
$content = sprintf(
'<a%s href="%s"%s>%s</a>',
$this->view()->propertiesToString($item->getAttributes()),
$url,
$this->view()->escape($url),
$this->renderTargetAttribute(),
$label
);