From e300086cc8720d014ba709c8f46eb80d1d891444 Mon Sep 17 00:00:00 2001
From: Sarjuuk <junkdump@gmx.net>
Date: Mon, 6 Oct 2025 23:03:30 +0200
Subject: [PATCH] IconElement/Fixup  * a DOMElements text value must be escaped
 manually    (e.g. Foror &amp; Tigule)

---
 includes/components/frontend/iconelement.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/components/frontend/iconelement.class.php b/includes/components/frontend/iconelement.class.php
index a9fdac67..d5ab685e 100644
--- a/includes/components/frontend/iconelement.class.php
+++ b/includes/components/frontend/iconelement.class.php
@@ -102,7 +102,7 @@ class IconElement
         }
 
         if ($this->href)
-            ($a = $dom->createElement('a', $this->text))->setAttribute('href', $this->href);
+            ($a = $dom->createElement('a', htmlentities($this->text)))->setAttribute('href', $this->href);
         else
             $a = $dom->createTextNode($this->text);