From e80d22d193df364b07bab7925572720f91a8984a Mon Sep 17 00:00:00 2001
From: Simon Urli
Date: Thu, 2 Feb 2023 17:27:46 +0100
Subject: [PATCH] XWIKI-20341: Sanitize template URLs

---
 .../src/main/resources/flamingo/delete.vm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/delete.vm b/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/delete.vm
index 555b3a5a609b..c1a64fa27218 100644
--- a/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/delete.vm
+++ b/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/delete.vm
@@ -333,11 +333,11 @@
 #if("$!{request.xredirect}" != '')
- #set($cancelUrl = "$request.xredirect")
+ #getSanitizedURLAttributeValue('a','href',$request.xredirect,$doc.getURL(),$cancelUrl)
 #else
- #set($cancelUrl = $doc.getURL())
+ #set($cancelUrl = $escapetool.xml($doc.getURL()))
 #end
- $services.localization.render('no')
+ $services.localization.render('no')
 #xwikimessageboxend()
 #end
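Review bot: After this `#if`/`#else` block `$cancelUrl` holds an already-encoded value in both branches (sanitized by `#getSanitizedURLAttributeValue` in the first, `$escapetool.xml` in the second), and nothing in the template records that. A later edit that escapes it again where it is printed would double-encode the `#else` value, and one that reuses it outside an HTML attribute would get the wrong encoding; a comment above the `#if`, such as `## $cancelUrl is attribute-safe after this block; print it without further escaping`, would pin the contract. The first branch depends on the macro returning an attribute-escaped value even when it falls back to the unescaped `$doc.getURL()` passed as its fourth argument; that is presumably the case but is not visible in this hunk, so it should be confirmed. The markup around the changed `render('no')` line is not shown on this page and the enclosing block starts and ends outside the hunk, so the attribute that prints `$cancelUrl` could not be checked here. It is also worth confirming whether the macro rejects absolute off-site values of `xredirect` or only unsafe schemes, since in the latter case the cancel link can still lead away from the wiki.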