diff --git a/core/Twig/Extension/CrudExtension.php b/core/Twig/Extension/CrudExtension.php
index dcf9894..eb2c015 100644
--- a/core/Twig/Extension/CrudExtension.php
+++ b/core/Twig/Extension/CrudExtension.php
@@ -38,6 +38,7 @@ class CrudExtension extends AbstractExtension
$field = $config['field'];
$instance = new $field();
$resolver = $instance->configureOptions(new OptionsResolver());
+ $flags = ENT_HTML5 | ENT_QUOTES;
$render = $instance->buildView($this->twig, $entity, $resolver->resolve($config['options']), $locale);
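Review bot: The new `$flags` value leaves out `ENT_SUBSTITUTE`, so `htmlspecialchars()` returns an empty string whenever the input contains an invalid UTF-8 sequence; if the project runs on PHP 8.1+, that is a step back from the default flags (`ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`) the old calls were getting. I would write `$flags = ENT_HTML5 | ENT_QUOTES | ENT_SUBSTITUTE;` here, and the same applies to the literal flags in the FileInformationExtension hunk. Since the same mask is now spelled out in two files, a shared constant would keep them from drifting apart. The enclosing method starts and ends outside the hunk, so it is presumed rather than visible that `$flags` is still in scope at the later `sprintf` call.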
@@ -59,7 +60,7 @@ class CrudExtension extends AbstractExtension
}
foreach ($attrs as $k => $v) {
- $attributes .= sprintf(' %s="%s" ', htmlspecialchars($k), htmlspecialchars($v));
+ $attributes .= sprintf(' %s="%s" ', htmlspecialchars($k, $flags), htmlspecialchars($v, $flags));
}
$render = sprintf('%s', $attributes, $render);
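Review bot: Escaping `$k` with `htmlspecialchars()` on the added line does not make it a valid attribute name: whitespace, `=` and `/` pass through unchanged, so a key containing them still alters the tag's attribute list. Where `$attrs` comes from is not visible in this hunk; if any key can be influenced by configuration or user data, validate it rather than escape it, e.g. `if (!preg_match('/^[A-Za-z_:][A-Za-z0-9_:.-]*$/', (string) $k)) { continue; }` before the `sprintf`. `$v` is also handed to `htmlspecialchars()` as-is, which on PHP 8 throws a TypeError for an array value, so an `is_scalar()` check or a `(string)` cast is worth adding. The loop's enclosing method lies outside the hunk.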
diff --git a/core/Twig/Extension/FileInformationExtension.php b/core/Twig/Extension/FileInformationExtension.php
index e1c39e0..876290a 100644
--- a/core/Twig/Extension/FileInformationExtension.php
+++ b/core/Twig/Extension/FileInformationExtension.php
@@ -72,7 +72,7 @@ class FileInformationExtension extends AbstractExtension
if ($fileInfo) {
foreach ($fileInfo->getAttributes() as $attribute) {
if ($attribute['label'] === $label) {
- $value = $attribute['value'];
+ $value = htmlspecialchars($attribute['value'], ENT_HTML5 | ENT_QUOTES);
}
}
}
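Review bot: Encoding `$attribute['value']` inside the lookup ties this helper to HTML output, and whether that is correct depends on how the Twig function is registered, which this hunk does not show. If it is registered without `['is_safe' => ['html']]` and the template autoescapes, the value is escaped twice (`&` ends up as `&amp;amp;`); if the result is compared or placed in a URL or JavaScript context, the entities are wrong there. I would either return the raw value and rely on autoescaping, or keep the encoding and state the contract next to it, e.g. `// HTML-encoded here; the Twig function must be registered with is_safe => ['html']`. A null or array value is also passed straight to `htmlspecialchars()`, so a type check before the call is worth adding.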
diff --git a/core/Twig/Extension/UrlExtension.php b/core/Twig/Extension/UrlExtension.php
index 3401a63..8b1eb29 100644
--- a/core/Twig/Extension/UrlExtension.php
+++ b/core/Twig/Extension/UrlExtension.php
@@ -27,7 +27,7 @@ class UrlExtension extends AbstractExtension
public function replaceUrl(?string $content)
{
- preg_match_all('#\{\{\s*url://(?P[a-z_]+)(\?(?P.*))?\s*\}\}#isU', $content, $match, PREG_SET_ORDER);
+ preg_match_all('#\{\{\s*url://(?P[a-z0-9_]+)(\?(?P.*))?\s*\}\}#isU', $content, $match, PREG_SET_ORDER);
foreach ($match as $block) {
$url = null;