From 47eb8a5fba550f477944eb6da8ca91b87eaf1d01 Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael.hamann@xwiki.com>
Date: Thu, 9 Jun 2022 15:36:53 +0200
Subject: [PATCH] XWIKI-19805: Improve parameter escaping in IconPickerMacro

---
 .../src/main/resources/IconThemesCode/IconPickerMacro.xml     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-ui/src/main/resources/IconThemesCode/IconPickerMacro.xml b/xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-ui/src/main/resources/IconThemesCode/IconPickerMacro.xml
index 202a4d45593e..84a1dfda648c 100644
--- a/xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-ui/src/main/resources/IconThemesCode/IconPickerMacro.xml
+++ b/xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-ui/src/main/resources/IconThemesCode/IconPickerMacro.xml
@@ -200,10 +200,10 @@
       options['prefix'] = '$escapetool.javascript($xcontext.macro.params.prefix)';
     #end
     #if("$!xcontext.macro.params.id" != '')
-      $('#${xcontext.macro.params.id}').xwikiIconPicker(options);
+      $('#${escapetool.javascript(${xcontext.macro.params.id})}').xwikiIconPicker(options);
     #end
     #if("$!xcontext.macro.params.get('class')" != '')
-      $('.${xcontext.macro.params.get('class')}').xwikiIconPicker(options);
+      $('.${escapetool.javascript(${xcontext.macro.params.get('class')})}').xwikiIconPicker(options);
     #end
   });
 &lt;/script&gt;