From a157eeda0d28561c12c5cb0f87aa2bbb3a2c3efb Mon Sep 17 00:00:00 2001
From: Andrew Hunt <andrew@aghstrategies.com>
Date: Mon, 11 May 2020 09:40:25 -0400
Subject: [PATCH] Icon helper: replace quotes in html title.

---
 CRM/Core/Page.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CRM/Core/Page.php b/CRM/Core/Page.php
index b483b1b1f7..5e7844367c 100644
--- a/CRM/Core/Page.php
+++ b/CRM/Core/Page.php
@@ -443,6 +443,7 @@ class CRM_Core_Page {
       $title = $sr = '';
     }
     else {
+      $text = htmlspecialchars($text);
       $title = " title=\"$text\"";
       $sr = "<span class=\"sr-only\">$text</span>";
     }
-- 
2.25.1