From 61f447ff341d2f7720fb6c5b483cc9fb063e869c Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 25 Sep 2025 17:07:36 +0200
Subject: [PATCH] ids.cgi: Escape the remark before sending it back to the
 browser

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/ids.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 9c6b393f6..9685b37d0 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 
 		# Assign hash values.
 		my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-		my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
+		my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
 
 		# Read-in ignoredfile.
 		&General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
@@ -1525,7 +1525,8 @@ print <<END;
 				<tr>
 					<td>$Lang::tr{'remark'}</td>
 					<td>
-						<input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' />
+						<input type='text' name=IGNORE_ENTRY_REMARK
+							value='@{[ &Header::escape($entry_remark) ]}' size='24' />
 					</td>
 				</tr>
 
-- 
2.47.3