From bfa4ad3b2cfc81bd7c2a5c6fc1ba1f2caaef807a Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Mon, 11 Jan 2021 10:45:11 +0100
Subject: [PATCH] OO-5198: don't escape booking description with HTML code

---
 .../paypalcheckout/ui/PaypalSmartButtonAccessController.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/olat/resource/accesscontrol/provider/paypalcheckout/ui/PaypalSmartButtonAccessController.java b/src/main/java/org/olat/resource/accesscontrol/provider/paypalcheckout/ui/PaypalSmartButtonAccessController.java
index 23c637a0708..e7cf81a2a9c 100644
--- a/src/main/java/org/olat/resource/accesscontrol/provider/paypalcheckout/ui/PaypalSmartButtonAccessController.java
+++ b/src/main/java/org/olat/resource/accesscontrol/provider/paypalcheckout/ui/PaypalSmartButtonAccessController.java
@@ -76,7 +76,9 @@ public class PaypalSmartButtonAccessController extends FormBasicController imple
 			
 			String description = link.getOffer().getDescription();
 			if(StringHelper.containsNonWhitespace(description)) {
-				description = Formatter.escWithBR(description).toString();
+				if(!StringHelper.isHtml(description)) {
+					description = Formatter.escWithBR(description).toString();
+				}
 				description = StringHelper.xssScan(description);
 				layoutCont.contextPut("description", description);
 			}
-- 
GitLab