From 370b42d1fd56729a0528bc9e94b0356b675ea6bc Mon Sep 17 00:00:00 2001
From: acognet <anne-catherine.cognet@combodo.com>
Date: Mon, 4 Oct 2021 17:28:05 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B03835=20-=20Make=20global=20pass=20on=20a?=
 =?UTF-8?q?ll=20inputs=20(objects,=20dashlets,=20...)=20to=20ensure=20XSS?=
 =?UTF-8?q?=20and=20double=20encoding=20have=20been=20dealt=20with?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 js/extkeywidget.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/js/extkeywidget.js b/js/extkeywidget.js
index fbc4471ffe..41e45ef1ab 100644
--- a/js/extkeywidget.js
+++ b/js/extkeywidget.js
@@ -230,8 +230,9 @@ function ExtKeyWidget(id, sTargetClass, sFilter, sTitle, bSelectMode, oWizHelper
 				},
 				select: function (event, ui) {
 					$('#'+me.id).val(ui.item.value);
-					$('#label_'+me.id).val(ui.item.label);
-					$('#label_'+me.id).data('selected_value', ui.item.label);
+					let labelValue = $('<div>').html(ui.item.label).text();
+					$('#label_'+me.id).val(labelValue);
+					$('#label_'+me.id).data('selected_value', labelValue);
 					$('#'+me.id).trigger('validate');
 					$('#'+me.id).trigger('extkeychange');
 					$('#'+me.id).trigger('change');