From 56c4169653d63d7871203514530a4c8db4789d70 Mon Sep 17 00:00:00 2001
From: Jakub Brzegowski
Date: Wed, 20 Oct 2021 17:39:22 +0200
Subject: [PATCH 1/2] IBX-1286: Fix tables template XSS vulnerability - add default escape

---
 .../views/themes/admin/system_info/composer.html.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig b/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
index 0ca62711..800f73b1 100644
--- a/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
+++ b/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
@@ -45,8 +45,8 @@
 {% endset %}
 {% set body_rows = body_rows|merge([{
 cols: [
- { content: col_name },
- { content: col_version },
+ { content: col_name, raw: true },
+ { content: col_version, raw: true },
 ]
 }]) %}
 {% endfor %}

From b9ddd53c867f68a3bb313072be6b2a1432d1b40b Mon Sep 17 00:00:00 2001
From: Jakub Brzegowski
Date: Thu, 21 Oct 2021 09:56:44 +0200
Subject: [PATCH 2/2] remove duplicates body_rows, head_cols

---
 .../Resources/views/themes/admin/system_info/composer.html.twig | 2 +-
 .../views/themes/admin/system_info/symfony_kernel.html.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig b/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
index 800f73b1..6f6405cf 100644
--- a/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
+++ b/src/bundle/Resources/views/themes/admin/system_info/composer.html.twig
@@ -56,7 +56,7 @@
 { content: 'packages.name'|trans|desc('Name') },
 { content: 'packages.version'|trans|desc('Version') },
 ],
- body_rows: body_rows,
+ body_rows,
 empty_table_info_text: 'packages.empty'|trans|desc('No packages installed.'),
 } %}
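Review bot: The added `raw: true` on the col_name and col_version cells opts them out of the escaping the table template now applies by default (per the commit subject), so the fix only holds if every interpolated value inside the `{% set col_name %}` / `{% set col_version %}` captures is itself autoescaped; those set-blocks begin above the hunk and only the closing `{% endset %}` is visible, so this cannot be confirmed here. A captured set-block is presumably already safe-marked output, which is why `raw` is used to avoid double-escaping, but a security-relevant opt-out like this deserves a comment beside it, e.g. `{# raw: col_name/col_version are captured set-blocks whose values are autoescaped; raw only avoids double-escaping #}`. Any `|raw` inside those captures would reopen the issue and is worth checking outside this hunk. The enclosing `{% for %}` loop also starts outside the hunk.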
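Review bot: The new-side `body_rows,` relies on Twig's hash shorthand (`{ foo }` meaning `{ foo: foo }`), and the same change is made to symfony_kernel.html.twig in the following hunk; that shorthand is not parsed by every Twig release, so the project's twig/twig version constraint should be checked to confirm the minimum supported version accepts it, otherwise this cosmetic refactor becomes a template syntax error at render time. The commit title also names head_cols, but neither hunk touches a head_cols key, so the title appears broader than the diff. The tag whose argument hash these lines belong to starts outside the hunk.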
diff --git a/src/bundle/Resources/views/themes/admin/system_info/symfony_kernel.html.twig b/src/bundle/Resources/views/themes/admin/system_info/symfony_kernel.html.twig
index cfdbbf49..710077f1 100644
--- a/src/bundle/Resources/views/themes/admin/system_info/symfony_kernel.html.twig
+++ b/src/bundle/Resources/views/themes/admin/system_info/symfony_kernel.html.twig
@@ -62,7 +62,7 @@
 { content: 'symfony_kernel.name'|trans|desc('Name') },
 { content: 'symfony_kernel.path'|trans|desc('Path') },
 ],
- body_rows: body_rows,
+ body_rows,
 empty_table_info_text: 'symfony_kernel.bundles.empty'|trans|desc('No bundles installed.'),
 } %}