From 725b10a8b7a2b3414c99f7e4b6dfa70de587a6ec Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Mon, 1 Jan 2024 13:47:35 +0100
Subject: [PATCH] Encode the title of conversations

---
 files/lib/data/conversation/ConversationAction.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/files/lib/data/conversation/ConversationAction.class.php b/files/lib/data/conversation/ConversationAction.class.php
index d21b0fe..c07d4d6 100644
--- a/files/lib/data/conversation/ConversationAction.class.php
+++ b/files/lib/data/conversation/ConversationAction.class.php
@@ -26,6 +26,7 @@ use wcf\system\user\notification\object\ConversationUserNotificationObject;
 use wcf\system\user\notification\UserNotificationHandler;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;

 /**
 * Executes conversation-related actions.
@@ -936,7 +937,7 @@ class ConversationAction extends AbstractDatabaseObjectAction implements
 );

 return [
- 'content' => $conversation->getTitle(),
+ 'content' => StringUtil::encodeHTML($conversation->getTitle()),
 'image' => $image,
 'isUnread' => $conversation->isNew(),
 'link' => $link,
--
2.20.1
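Review bot: Nothing at the `'content'` entry of the returned array says that the value is consumed as HTML, so the new `StringUtil::encodeHTML()` call in the second hunk is easy to drop again in a later refactor; I would add a comment above it such as `// 'content' is inserted as HTML by the consumer; the title is user-supplied, so encode it here.` That the consumer treats the value as markup is inferred from the commit subject and is not visible in the hunk. `$image` and `$link` are built above the hunk, so it is worth confirming that any user-controlled part of them is likewise encoded for the context it ends up in. The enclosing method starts and ends outside the hunk.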