diff --git a/core/attributedef.class.inc.php b/core/attributedef.class.inc.php index cfb29d1e4..668bd0ea3 100644 --- a/core/attributedef.class.inc.php +++ b/core/attributedef.class.inc.php @@ -10852,7 +10852,7 @@ class AttributeClassAttCodeSet extends AttributeSet } } - $sLabelForHtmlAttribute = MetaModel::GetLabel($sAttClass, $sAttCode)." ($sAttCode)"; + $sLabelForHtmlAttribute = utils::HtmlEntities(MetaModel::GetLabel($sAttClass, $sAttCode)." ($sAttCode)"); $aLocalizedValues[] = ''.$sAttCode.''; } catch (Exception $e) { @@ -11045,7 +11045,7 @@ class AttributeQueryAttCodeSet extends AttributeSet $aLocalizedValues = array(); foreach ($value as $sAttCode) { if (isset($aAllowedAttributes[$sAttCode])) { - $sLabelForHtmlAttribute = $aAllowedAttributes[$sAttCode]; + $sLabelForHtmlAttribute = utils::HtmlEntities($aAllowedAttributes[$sAttCode]); $aLocalizedValues[] = ''.$sAttCode.''; } } @@ -11594,13 +11594,14 @@ class AttributeTagSet extends AttributeSet $sTooltipContent = $sTagLabel; $sTooltipHtmlEnabled = 'false'; } else { + $sTagLabelEscaped = utils::EscapeHtml($sTagLabel); $sTooltipContent = <<$sTagLabel +
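Review bot: `$sAttCode` is still concatenated unescaped into `$aLocalizedValues[]` on the line right after the newly escaped `$sLabelForHtmlAttribute`, both in the AttributeClassAttCodeSet hunk and in the AttributeQueryAttCodeSet hunk that follows it. In the second hunk the `isset($aAllowedAttributes[$sAttCode])` guard limits it to known codes, but in the first the only visible validation is the surrounding try/catch, whose start is outside the hunk, so it appears to rely on `MetaModel::GetLabel()` throwing for unknown codes. Either escape it at the output point with `utils::HtmlEntities($sAttCode)`, or add a comment such as `// $sAttCode is a validated attribute code, safe to emit as-is` so the asymmetry is documented as deliberate. The markup around the concatenation is not visible on this page, so confirm which HTML context each value lands in.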

$sTagLabelEscaped

$sTagDescription
HTML; $sTooltipHtmlEnabled = 'true'; } - $sTooltipContent = utils::EscapeHtml($sTooltipContent); + $sTooltipContent = utils::HtmlEntities($sTooltipContent); $sHtml .= ''.$sLabelForHtml.''; }
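Review bot: `$sTagDescription` is interpolated into the same heredoc as `$sTagLabelEscaped` but gets no escaped counterpart, and this branch sets `$sTooltipHtmlEnabled = 'true'`, so whatever the description contains will presumably be rendered as markup by the tooltip. Its assignment, like the start of the enclosing method, is outside the hunk; if it is not already sanitized rich text, escape it the same way with `$sTagDescriptionEscaped = utils::EscapeHtml($sTagDescription);` and interpolate that instead. The hunk also mixes `utils::EscapeHtml` (inner label) with `utils::HtmlEntities` (whole attribute value) without saying why; if the intent is a second encoding pass for the attribute context, a comment above the last assignment such as `// encode again for the attribute: the tooltip decodes it once before rendering` would make that explicit. A regression test with a tag label and description containing `<` and `"` would pin the behaviour for both branches.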