From d3bd1f41242c61c2b2b9626360ac08d5d1d3d209 Mon Sep 17 00:00:00 2001
From: James Cole <thegrumpydictator@gmail.com>
Date: Thu, 25 Jun 2020 13:37:44 +0200
Subject: [PATCH] Escape names to fix #3489

---
 resources/views/v1/accounts/show.twig             | 2 +-
 resources/views/v1/vendor/passport/authorize.twig | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/views/v1/accounts/show.twig b/resources/views/v1/accounts/show.twig
index a291392c01..7040ac6a8d 100644
--- a/resources/views/v1/accounts/show.twig
+++ b/resources/views/v1/accounts/show.twig
@@ -13,7 +13,7 @@
                     <h3 class="box-title">
                         {{ trans('firefly.chart_account_in_period', {
                             balance: formatAmountBySymbol(balance, currency.symbol, currency.decimal_places, true),
-                            name: account.name, start: start.formatLocalized(monthAndDayFormat), end: end.formatLocalized(monthAndDayFormat) })|raw }}
+                            name: account.name|escape, start: start.formatLocalized(monthAndDayFormat), end: end.formatLocalized(monthAndDayFormat) })|raw }}
                     </h3>
                     <div class="box-tools pull-right">
                         <div class="btn-group">
diff --git a/resources/views/v1/vendor/passport/authorize.twig b/resources/views/v1/vendor/passport/authorize.twig
index 8c44f0907e..47bb899855 100644
--- a/resources/views/v1/vendor/passport/authorize.twig
+++ b/resources/views/v1/vendor/passport/authorize.twig
@@ -58,7 +58,7 @@
                     <div class="panel-body">
                         <!-- Introduction -->
                         <p>
-                            {{ trans('firefly.authorization_request_intro', {client: client.name})|raw }}
+                            {{ trans('firefly.authorization_request_intro', {client: client.name|escape})|raw }}
                         </p>
                         <!-- Scope List -->
                         {% if scopes|length > 0 %}