From 6abcb0db75324ff39f6557a1bcfcf90bc1a03d69 Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@gmail.com>
Date: Tue, 12 Nov 2013 00:06:09 +0000
Subject: refs #4256 by default escape notification message

---
 core/Twig.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'core/Twig.php')

diff --git a/core/Twig.php b/core/Twig.php
index 389a579a63..01282ef35d 100644
--- a/core/Twig.php
+++ b/core/Twig.php
@@ -172,7 +172,13 @@ class Twig
             }
 
             $template .= '>';
-            $template .= $message;
+
+            if (!empty($options['raw'])) {
+                $template .= $message;
+            } else {
+                $template .= twig_escape_filter($twigEnv, $message, 'html');
+            }
+
             $template .= '</div>';
 
             return $template;
-- 
cgit v1.2.3