fix xss: escape missed attr displayType

DotCamp · Aug 15, 2024 · 1e61fa2 · 1e61fa2
1 parent 525a9ef
commit 1e61fa2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/blocks/expand/block.php b/src/blocks/expand/block.php
@@ -2,7 +2,7 @@
 
 function ub_render_expand_portion_block($attributes, $content){
     extract($attributes);
-    return '<div class="ub-expand-portion ub-expand-' . $displayType .
+    return '<div class="ub-expand-portion ub-expand-' . esc_attr($displayType) .
         ($displayType === 'full' ? ' ub-hide' : '').
         (isset($className) ? ' ' . $className : '') . '">' .
         $content .