From a39b5cfad9d90106db03b3f733fb5447618ded56 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Mon, 16 Sep 2024 12:24:02 +0200
Subject: [PATCH] use htmlentities for html attribute

---
 inc_mode_boxes.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc_mode_boxes.php b/inc_mode_boxes.php
index a439eeb..0cf2051 100644
--- a/inc_mode_boxes.php
+++ b/inc_mode_boxes.php
@@ -16,9 +16,9 @@ if (is_array($aIdplist) && count($aIdplist)) {
         $sOut .= '
                     <a href="' . $aEntry['_url']. '" 
                         class="idp"
-                        title="' . $aEntry['_description'] . '"
-                        >' . $aEntry['_label'] . '<br>
-                        <span class="hidden">' . $aEntry['_description'] . ' ' . $aEntry['_keywords'] . ' .'. $aEntry['_tld'] . '</span>
+                        title="' . str_replace('"', '',$aEntry['_description']) . '"
+                        >' . htmlentities($aEntry['_label']) . '<br>
+                        <span class="hidden">' . str_replace('"', '', $aEntry['_description'] . ' ' . $aEntry['_keywords']) . ' .'. $aEntry['_tld'] . '</span>
                         <img src="' . $aEntry['_image'] . '"><br>
                     </a>
                 '
-- 
GitLab