From 46eb78cd41a37bac172101520042afc2ca48b980 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 19 Sep 2020 04:18:51 +0200
Subject: [PATCH] Fix escape

---
 htdocs/public/opensurvey/studs.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index 358bf2aa1c6..8b2e8663dac 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -390,7 +390,7 @@ if ($object->format == "D")
 	for ($i = 0; isset($toutsujet[$i]); $i++)
 	{
 		$tmp = explode('@', $toutsujet[$i]);
-		print '<td class="sujet">'.$tmp[0].'</td>'."\n";
+		print '<td class="sujet">'.dol_escape_htmltag($tmp[0]).'</td>'."\n";
 	}
 
 	print '</tr>'."\n";