#7916 Applied html_entity_decode to return sanitized value

pkp · Jun 19, 2023 · fd9be0c · fd9be0c
1 parent 9574ae8
commit fd9be0c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/classes/core/PKPString.php b/classes/core/PKPString.php
@@ -458,10 +458,10 @@ public static function stripUnsafeHtml(?string $input, string $key = 'allowed_ht
             $sanitizer = new HtmlSanitizer($config);
         }
 
-        return $sanitizer->sanitize(
-            strip_tags(
-                $input, 
-                $allowedTagToAttributeMap->keys()->toArray()
+        // need to apply html_entity_decode as sanitizer apply htmlentities internally for special chars
+        return html_entity_decode(
+            $sanitizer->sanitize(
+                strip_tags($input, $allowedTagToAttributeMap->keys()->toArray())
             )
         );
     }