From 31c837fe3c9e3fdced91ac3d0da6957306e5ec92 Mon Sep 17 00:00:00 2001
From: Josh Crawford <joshua@sgroup.com.au>
Date: Fri, 22 May 2020 21:44:29 +1000
Subject: [PATCH] Fix potential stored XSS in Bulk Resize action

---
 src/templates/settings/_panes/resize-bulk.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/templates/settings/_panes/resize-bulk.html b/src/templates/settings/_panes/resize-bulk.html
index 4f0498c..633fd45 100644
--- a/src/templates/settings/_panes/resize-bulk.html
+++ b/src/templates/settings/_panes/resize-bulk.html
@@ -17,7 +17,9 @@
                     <td>{{ item.label }}</td>
 
                     <td>
-                        <div class="btn small bulk-resize-btn" data-id="{{ item.value }}" data-name="{{ item.label | t('image-resizer') }}">
+                        {{ item.label | t('image-resizer') }}
+
+                        <div class="btn small bulk-resize-btn" data-id="{{ item.value }}" data-name="{{ item.label | e('js') }}">
                             {{ "Bulk Resize" | t('image-resizer') }}
                         </div>
                     </td>