From aaa920719f5ae5ef16d75034ebb9870f696c2b46 Mon Sep 17 00:00:00 2001
From: elitsa <elm@umbraco.dk>
Date: Mon, 5 Nov 2018 12:41:19 +0100
Subject: [PATCH] Adding html encoding when updating or removing Public Access
 of a content.

---
 .../umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs
index 6fe22f0cd3..ef6fc53f1f 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Globalization;
 using System.Linq;
+using System.Web;
 using System.Web.Security;
 using System.Web.UI;
 using System.Web.UI.WebControls;
@@ -268,7 +269,7 @@ namespace umbraco.presentation.umbraco.dialogs
                 }
             }
 
-            feedback_text.Text = ui.Text("publicAccess", "paIsProtected", new cms.businesslogic.CMSNode(pageId).Text);
+            feedback_text.Text = HttpUtility.HtmlEncode(ui.Text("publicAccess", "paIsProtected", new cms.businesslogic.CMSNode(pageId).Text));
 
             p_setup.Visible = false;
             p_feedback.Visible = true;
@@ -287,7 +288,7 @@ namespace umbraco.presentation.umbraco.dialogs
 
             Access.RemoveProtection(pageId);
 
-            feedback_text.Text = ui.Text("publicAccess", "paIsRemoved", new cms.businesslogic.CMSNode(pageId).Text);
+            feedback_text.Text = HttpUtility.HtmlEncode(ui.Text("publicAccess", "paIsRemoved", new cms.businesslogic.CMSNode(pageId).Text));
             p_feedback.Visible = true;
 
             var content = ApplicationContext.Current.Services.ContentService.GetById(pageId);