From 7bb124c0361ffe6a69222883bb8c8af7893f444d Mon Sep 17 00:00:00 2001
From: Dominik Csapak
Date: Tue, 14 Jan 2025 12:44:52 +0100
Subject: [PATCH] button: htmlEncode the name/id for the confirm message so we don't accidentally interpret html tags
Signed-off-by: Dominik Csapak
---
 src/button/Button.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/button/Button.js b/src/button/Button.js
index a59a999..cbd52e9 100644
--- a/src/button/Button.js
+++ b/src/button/Button.js
@@ -141,7 +141,7 @@ Ext.define('Proxmox.button.StdRemoveButton', {
 } else {
 text = gettext('Are you sure you want to remove entry {0}');
 }
- return Ext.String.format(text, `'${name}'`);
+ return Ext.String.format(text, Ext.htmlEncode(`'${name}'`));
 },
 handler: function(btn, event, rec) {
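Review bot: The new `return` line does not say why it encodes, although the function's contract is now "returns HTML-safe text". A short comment above it would record that, for example `// the confirm dialog renders this as HTML, so encode the record-derived name`. The function starts above the hunk, so it is not visible whether `name` can already arrive encoded. If any caller-supplied name getter encodes on its own, this line would double-encode and show entities literally. Any subclass that overrides this function to build its own message still has to encode the record values itself, so those overrides are worth checking as well.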