Security: Portfolio: Apply remove XSS on items and comments content - refs BT#22113

main/inc/lib/PortfolioController.php

@@ -4094,7 +4094,7 @@ class PortfolioController
             $origin = $em->find(Portfolio::class, $item->getOrigin());
 
             if ($origin) {
-                $originContent = $origin->getContent();
+                $originContent = Security::remove_XSS($origin->getContent());
                 $originContentFooter = vsprintf(
                     get_lang('OriginallyPublishedAsXTitleByYUser'),
                     [
@@ -4107,7 +4107,7 @@ class PortfolioController
             $origin = $em->find(PortfolioComment::class, $item->getOrigin());
 
             if ($origin) {
-                $originContent = $origin->getContent();
+                $originContent = Security::remove_XSS($origin->getContent());
                 $originContentFooter = vsprintf(
                     get_lang('OriginallyCommentedByXUserInYItem'),
                     [

main/template/default/portfolio/view.html.twig

@@ -47,7 +47,7 @@
         </ul>
     </header>
 
-    {{ item_content }}
+    {{ item_content|remove_xss }}
 
     {% if attachment_list %}
         <section>