From 84941f6e768ef18d3ff7d1bf464475841079c8d0 Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Thu, 10 Dec 2020 15:46:06 +0100
Subject: [PATCH] no-jira: re-scan close title

---
 .../core/gui/components/stack/BreadcrumbedStackedPanel.java     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/org/olat/core/gui/components/stack/BreadcrumbedStackedPanel.java b/src/main/java/org/olat/core/gui/components/stack/BreadcrumbedStackedPanel.java
index bc9b85032a0..6a75826910b 100644
--- a/src/main/java/org/olat/core/gui/components/stack/BreadcrumbedStackedPanel.java
+++ b/src/main/java/org/olat/core/gui/components/stack/BreadcrumbedStackedPanel.java
@@ -589,6 +589,7 @@ public class BreadcrumbedStackedPanel extends Panel implements BreadcrumbPanel,
 			// special case: root crumb
 			Link link = stack.get(0);
 			String unescapedText = StringHelper.unescapeHtml(link.getCustomDisplayText());
+			unescapedText = StringHelper.xssScan(unescapedText);
 			closeText = getTranslator().translate("doclose", new String[] { unescapedText });
 			showClose = isShowCloseLinkForRootCrumb();
 			backLink.setTitle(closeText);
@@ -596,6 +597,7 @@ public class BreadcrumbedStackedPanel extends Panel implements BreadcrumbPanel,
 		} else {
 			Link link = stack.get(stack.size()-1);
 			String unescapedText = StringHelper.unescapeHtml(link.getCustomDisplayText());
+			unescapedText = StringHelper.xssScan(unescapedText);
 			closeText = getTranslator().translate("doclose", new String[] { unescapedText });
 			showClose = isShowCloseLink();
 			backLink.setTitle(getTranslator().translate("back"));
-- 
GitLab