From ecd0c9ec7e02ec9f90d1691303f0fd1d03853005 Mon Sep 17 00:00:00 2001
From: Eudaldo Alonso
Date: Fri, 12 Apr 2024 08:15:43 +0200
Subject: [PATCH] LPD-22808 Escape message
---
 .../liferay/layout/taglib/servlet/taglib/LayoutCommonTag.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/apps/layout/layout-taglib/src/main/java/com/liferay/layout/taglib/servlet/taglib/LayoutCommonTag.java b/modules/apps/layout/layout-taglib/src/main/java/com/liferay/layout/taglib/servlet/taglib/LayoutCommonTag.java
index c6fa2c673e6661..c609793d1a5785 100644
--- a/modules/apps/layout/layout-taglib/src/main/java/com/liferay/layout/taglib/servlet/taglib/LayoutCommonTag.java
+++ b/modules/apps/layout/layout-taglib/src/main/java/com/liferay/layout/taglib/servlet/taglib/LayoutCommonTag.java
@@ -15,6 +15,7 @@
 import com.liferay.portal.kernel.servlet.SessionMessages;
 import com.liferay.portal.kernel.theme.ThemeDisplay;
 import com.liferay.portal.kernel.util.GetterUtil;
+import com.liferay.portal.kernel.util.HtmlUtil;
 import com.liferay.portal.kernel.util.PortalUtil;
 import com.liferay.portal.kernel.util.PropsKeys;
 import com.liferay.portal.kernel.util.PropsUtil;
@@ -162,7 +163,7 @@ private String _getScript(String message, String type) {
 StringBundler sb = new StringBundler(7);
 sb.append("Liferay.Util.openToast({autoClose: 10000, message: '");
- sb.append(message);
+ sb.append(HtmlUtil.escape(message));
 sb.append("', title: '");
 sb.append(LanguageUtil.get(getRequest(), type));
 sb.append(":', type: '");
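Review bot: The new `HtmlUtil.escape(message)` in `_getScript` applies HTML encoding to a value that is written inside a single-quoted JavaScript string literal, so the encoder does not match the output context. HTML escaping covers the quote characters but, as far as I know, leaves backslashes and line breaks alone, and either one changes how the literal is terminated or parsed. Consider encoding for the JS string as well: `sb.append(HtmlUtil.escapeJS(HtmlUtil.escape(message)));` if the toast renders `message` as HTML (not visible in this hunk), or `HtmlUtil.escapeJS(message)` alone if it renders it as text. The neighbouring `LanguageUtil.get(getRequest(), type)` is appended into the same kind of literal without encoding, so it is worth confirming that `type` only ever takes fixed values. The body of `_getScript` continues outside the hunk, so the remaining appends should get the same check.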