Encode the title of conversations

diff --git a/files/lib/data/conversation/ConversationAction.class.php b/files/lib/data/conversation/ConversationAction.class.php
index d21b0fe6ce63d49c80a623ed71eef1ea70f66cb8..c07d4d6c6bdded74ba65aff9d015c6ae55dd5cca 100644 (file)
--- a/files/lib/data/conversation/ConversationAction.class.php
+++ b/files/lib/data/conversation/ConversationAction.class.php
@@ -26,6 +26,7 @@ use wcf\system\user\notification\object\ConversationUserNotificationObject;
 use wcf\system\user\notification\UserNotificationHandler;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Executes conversation-related actions.
@@ -936,7 +937,7 @@ class ConversationAction extends AbstractDatabaseObjectAction implements
             );
 
             return [
-                'content' => $conversation->getTitle(),
+                'content' => StringUtil::encodeHTML($conversation->getTitle()),
                 'image' => $image,
                 'isUnread' => $conversation->isNew(),
                 'link' => $link,