From 95eef5d3245ec41c2ade4285b4a1b192c29bed9a Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Tue, 3 Aug 2021 09:14:41 +0200
Subject: [PATCH] Notebook: add remove_xss

---
 main/inc/lib/notebook.lib.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/main/inc/lib/notebook.lib.php b/main/inc/lib/notebook.lib.php
index 3b26a8b375..24e4cc1cb0 100755
--- a/main/inc/lib/notebook.lib.php
+++ b/main/inc/lib/notebook.lib.php
@@ -304,9 +304,11 @@ class NotebookManager
                 Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>';
 
             echo Display::panel(
-                $row['description'],
-                $row['title'].$session_img.' <div class="pull-right">'.$actions.'</div>',
-                get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).$updateValue
+                Security::remove_XSS($row['description']),
+                Security::remove_XSS($row['title']).$session_img.
+                ' <div class="pull-right">'.$actions.'</div>',
+                get_lang('CreationDate').': '.Display::dateToStringAgoAndLongDate($row['creation_date']).
+                $updateValue
             );
         }
     }