From 764a170cd06dd93963181257fc81c35e9e58ee80 Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen.abello@combodo.com>
Date: Mon, 3 Jul 2023 14:29:45 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B06483=20-=20Security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 js/search/search_form_criteria_enum.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/search/search_form_criteria_enum.js b/js/search/search_form_criteria_enum.js
index 3fb73d42e4..c30498a86b 100644
--- a/js/search/search_form_criteria_enum.js
+++ b/js/search/search_form_criteria_enum.js
@@ -872,13 +872,13 @@ $(function()
 		// - Make a jQuery element for a list item
 		_makeListItemElement: function(sLabel, sValue, bInitChecked, bInitHidden,bObsolete, sAdditionalField)
 		{
-			var sEscapedLabel = $('<div />').text(sLabel).html();
+			var sEscapedLabel = CombodoSanitizer.EscapeHtml(sLabel, false);
 			if (bObsolete == 1)	{
 				sEscapedLabel = '<span class="object-ref-icon text_decoration"><span class="fas fa-eye-slash object-obsolete fa-1x fa-fw"></span></span>'+sEscapedLabel;
 			}
 
 			if (sAdditionalField != undefined )	{
-				sEscapedLabel = sEscapedLabel+'<br><i>'+sAdditionalField+'</i>';
+				sEscapedLabel = sEscapedLabel+'<br><i>'+CombodoSanitizer.EscapeHtml(sAdditionalField, false)+'</i>';
 			}
 
 			var oItemElem = $('<div></div>')