From f4ee11611294c2cc957453768f768de0a51b05a7 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 14 Dec 2023 10:57:12 +0100
Subject: [PATCH] fix(front): escape event.title when it's passed to dialog
 component HTML message

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 src/components/Event/EventParticipationCard.vue | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/components/Event/EventParticipationCard.vue b/src/components/Event/EventParticipationCard.vue
index dfd470cb9..0b067e0f8 100644
--- a/src/components/Event/EventParticipationCard.vue
+++ b/src/components/Event/EventParticipationCard.vue
@@ -346,6 +346,7 @@ import { Dialog } from "@/plugins/dialog";
 import { Snackbar } from "@/plugins/snackbar";
 import { useDeleteEvent } from "@/composition/apollo/event";
 import Tag from "@/components/TagElement.vue";
+import { escapeHtml } from "@/utils/html";
 import Bullhorn from "vue-material-design-icons/Bullhorn.vue";
 
 const props = defineProps<{
@@ -388,7 +389,7 @@ const openDeleteEventModal = (
       )}
       <br><br>
       ${t('To confirm, type your event title "{eventTitle}"', {
-        eventTitle: event.title,
+        eventTitle: escapeHtml(event.title),
       })}`,
     confirmText: t("Delete {eventTitle}", {
       eventTitle: event.title,