From ded284d7082444e343d444272e23950775a4039d Mon Sep 17 00:00:00 2001
From: Antoine M
Date: Wed, 14 May 2025 15:32:46 +0200
Subject: [PATCH] FIX sanitizing titles and anchors in chapter index for improved security. using stirp tags instead of esc_html
---
 includes/utilities.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/includes/utilities.php b/includes/utilities.php
index 4b6cc32..5867914 100644
--- a/includes/utilities.php
+++ b/includes/utilities.php
@@ -196,8 +196,8 @@ function build_page_chapter_index($blocks)
 if ($block['blockName'] == 'homegrade-content-blocks/content-heading' && isset($block['attrs']['title']) && isset($block['attrs']['headingLevel']) && $block['attrs']['headingLevel'] == "h2") {
 array_push($chapterBlockIndex, [
 'block-type' => $block['blockName'],
- 'anchor' => "#" . esc_html($block['attrs']['idName']),
- 'title' => esc_html($block['attrs']['title']),
+ 'anchor' => "#" . strip_tags($block['attrs']['idName']),
+ 'title' => strip_tags($block['attrs']['title']),
 ]);
 }
 if ($block['blockName'] == 'homegrade-content-blocks/chapitrage-thematique') {
@@ -255,7 +255,7 @@ function build_page_chapter_index($blocks)
 array_push($chapterBlockIndex, [
 'block-type' => $block['blockName'],
 'anchor' => "#partenaires-autres-services",
- 'title' => __("Partenaires & autres services", "homegrade-blocks__texte-fonctionnel"),
+ 'title' => __("Partenaires & autres services", "homegrade-blocks__texte-fonctionnel"),
 ]);
 }
 if ($block['blockName'] == 'homegrade-content-blocks/plus-loin') {
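Review bot: `strip_tags()` on the new `'anchor'` and `'title'` lines of the first hunk is not an output encoder: it removes tags but leaves `"`, `'` and `&` intact, so after this change the values are only safe if the code that prints the chapter index escapes them per context (`esc_attr()` for the `href`, `esc_html()` for the link text). That rendering code is not visible here, so this needs confirming before the commit can be described as a security improvement. If the motivation was double-encoded entities in titles, a comment such as `// plain text only; must be escaped where the index is rendered` above the array would make the contract explicit. Separately, the `if` guards `title` and `headingLevel` with `isset()` but not `idName`, so a heading without an id passes null to `strip_tags()` and yields a bare `#` anchor; adding `&& isset($block['attrs']['idName'])` to the condition would avoid that. The body of `build_page_chapter_index` starts and ends outside the hunk.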