From 37ffbb954562fa4d1b6e19aad04c889727320a56 Mon Sep 17 00:00:00 2001
From: Peter Donker <peter@bring2mind.net>
Date: Thu, 2 Dec 2021 16:06:04 +0100
Subject: [PATCH] No module message should be able to contain any scripts

---
 DNN Platform/Library/UI/Skins/Skin.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/DNN Platform/Library/UI/Skins/Skin.cs b/DNN Platform/Library/UI/Skins/Skin.cs
index b8501bcb06e..13631273600 100644
--- a/DNN Platform/Library/UI/Skins/Skin.cs	
+++ b/DNN Platform/Library/UI/Skins/Skin.cs	
@@ -299,7 +299,7 @@ public static ModuleMessage GetModuleMessageControl(string heading, string messa
             var s = new Skin();
             var moduleMessage = (ModuleMessage)s.LoadControl("~/admin/skins/ModuleMessage.ascx");
             moduleMessage.Heading = heading;
-            moduleMessage.Text = message;
+            moduleMessage.Text = new Security.PortalSecurity().InputFilter(message, Security.PortalSecurity.FilterFlag.NoScripting);
             moduleMessage.IconImage = iconImage;
             moduleMessage.IconType = moduleMessageType;
             return moduleMessage;