Index: trunk/include/functions_html.inc.php
===================================================================
--- trunk/include/functions_html.inc.php (revision 22505)
+++ trunk/include/functions_html.inc.php (revision 22518)
@@ -584,7 +584,7 @@
}
- if (!empty($comment))
- {
- $info['comment'] = trigger_event('render_element_description', $info['comment']);
+ if (!empty($info['comment']))
+ {
+ $info['comment'] = htmlspecialchars(strip_tags(trigger_event('render_element_description', $info['comment'])));
$title.= ' '.substr($info['comment'], 0, 100).(strlen($info['comment']) > 100 ? '...' : '');
}
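Review bot: The comment is escaped before it is truncated, so the `substr(..., 0, 100)` on the following line can cut through an entity that `htmlspecialchars()` just produced (for example leaving `&am` or `&quo` at the end of the title), and the 100-byte limit now counts escaped bytes rather than visible characters. Truncate the stripped text first and escape the final string once: `$comment = strip_tags(trigger_event('render_element_description', $info['comment']));` followed by `$title.= ' '.htmlspecialchars(substr($comment, 0, 100).(strlen($comment) > 100 ? '...' : ''), ENT_QUOTES);`. `ENT_QUOTES` is worth passing explicitly because `$title` presumably ends up in an HTML attribute, and on older PHP versions the default flags leave single quotes unescaped. The new code also writes the escaped value back into `$info['comment']`, so any later reader of that key that escapes on output would double-encode it. The enclosing function starts and ends outside this hunk, so where `$title` is emitted should be confirmed there.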