From 11b1e0b420c9529a37e90473c553f7ce783d54f5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 18 Sep 2020 01:39:32 +0200
Subject: [PATCH] Escape output

---
 htdocs/projet/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 9dc13ca7c37..c1c59bcd3b7 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -971,7 +971,7 @@ if ($action == 'create' && $user->rights->projet->creer)
 
 		$morehtmlref = '<div class="refidno">';
 		// Title
-		$morehtmlref .= $object->title;
+		$morehtmlref .= dol_escape_htmltag($object->title);
 		// Thirdparty
 		$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : ';
 		if ($object->thirdparty->id > 0)