From 7cd99160433165c3f62a85a2b4e5d45038ef2371 Mon Sep 17 00:00:00 2001
From: Kwenty
Date: Wed, 14 Nov 2018 15:12:28 +0100
Subject: [PATCH] =?UTF-8?q?Avo=C3=AFd=20XSS=20if=20row=20is=20not=20editab?=
 =?UTF-8?q?le?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Datatable/Column/Column.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Datatable/Column/Column.php b/Datatable/Column/Column.php
index 8baa0fb8..249baf08 100644
--- a/Datatable/Column/Column.php
+++ b/Datatable/Column/Column.php
@@ -49,9 +49,11 @@ public function renderSingleField(array &$row)
             if ($this->isEditableContentRequired($row)) {
                 $content = $this->renderTemplate($this->accessor->getValue($row, $path), $row[$this->editable->getPk()]);
-                $this->accessor->setValue($row, $path, $content);
             }
-
+            else {
+                $content = htmlspecialchars($this->accessor->getValue($row, $path));
+            }
+            $this->accessor->setValue($row, $path, $content);
         }
         return $this;