From 21906acb5ee2304552f56f9bbdbf8e7d368f7f3a Mon Sep 17 00:00:00 2001
From: Thomas Mortagne <thomas.mortagne@gmail.com>
Date: Tue, 4 Jan 2022 11:33:53 +0100
Subject: [PATCH] XWIKI-19293: Fix bad escaping

---
 .../src/main/resources/Filter/FilterStreamDescriptorForm.xml  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xwiki-platform-core/xwiki-platform-filter/xwiki-platform-filter-ui/src/main/resources/Filter/FilterStreamDescriptorForm.xml b/xwiki-platform-core/xwiki-platform-filter/xwiki-platform-filter-ui/src/main/resources/Filter/FilterStreamDescriptorForm.xml
index d1ab451ee5d..1a38e1e6cc0 100644
--- a/xwiki-platform-core/xwiki-platform-filter/xwiki-platform-filter-ui/src/main/resources/Filter/FilterStreamDescriptorForm.xml
+++ b/xwiki-platform-core/xwiki-platform-filter/xwiki-platform-filter-ui/src/main/resources/Filter/FilterStreamDescriptorForm.xml
@@ -58,9 +58,9 @@
       &lt;dd&gt;
         ## TODO: design a real framework to generate form by type
         #if (($descriptor.defaultValue || "$!descriptor.defaultValue" != '') &amp;&amp; ($descriptor.type.getName() == 'boolean' || $descriptor.type.getName() == 'int' || $descriptor.type.getName() == 'java.lang.String'))
-          &lt;input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$request.get($descriptorId)#else$descriptor.defaultValue#end"/&gt;
+          &lt;input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$escapetool.xml($request.get($descriptorId))#else$descriptor.defaultValue#end"/&gt;
         #else
-          &lt;input type="text" id="$descriptorId" name="$descriptorId"#if($request.get($descriptorId))value="$request.get($descriptorId)"#end/&gt;
+          &lt;input type="text" id="$descriptorId" name="$descriptorId"#if($request.get($descriptorId))value="$escapetool.xml($request.get($descriptorId))"#end/&gt;
         #end
       &lt;/dd&gt;
     #end
-- 
GitLab