From 3655f6f407ed504b8e42048a96dd2a8b82c59f35 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 26 Jun 2020 20:38:41 +0200
Subject: [PATCH] FIX #14109

---
 htdocs/core/class/dolgraph.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/dolgraph.class.php b/htdocs/core/class/dolgraph.class.php
index 0f823984fa2..141ac1e0e85 100644
--- a/htdocs/core/class/dolgraph.class.php
+++ b/htdocs/core/class/dolgraph.class.php
@@ -1144,7 +1144,7 @@ class DolGraph
 			foreach ($legends as $val)	// Loop on each serie
 			{
 				if ($i > 0) $this->stringtoshow .= ', ';
-				$this->stringtoshow .= "'".dol_trunc($val,32)."'";
+				$this->stringtoshow .= "'".dol_escape_js(dol_trunc($val,32))."'";
 				$i++;
 			}
 
@@ -1207,7 +1207,7 @@ class DolGraph
 			foreach ($legends as $val)	// Loop on each serie
 			{
 				if ($i > 0) $this->stringtoshow .= ', ';
-				$this->stringtoshow .= "'".$val."'";
+				$this->stringtoshow .= "'".dol_escape_js(dol_trunc($val,32))."'";
 				$i++;
 			}