diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php
index c65259bae..bd6dd7e11 100644
--- a/views/bootstrap/class.ViewDocument.php
+++ b/views/bootstrap/class.ViewDocument.php
@@ -766,7 +766,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
echo "";
echo "| ".$wkflog->getWorkflow()->getName()." | ";
echo "".$wkflog->getDate()." | ";
- echo "".$wkflog->getTransition()->getAction()->getName()." | ";
+ echo "".htmlspecialchars($wkflog->getTransition()->getAction()->getName())." | ";
$loguser = $wkflog->getUser();
echo "".htmlspecialchars($loguser->getFullName())." | ";
echo "".htmlspecialchars($wkflog->getComment())." | ";
@@ -1043,14 +1043,14 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
foreach($transitions as $transition) {
$nextstate = $transition->getNextState();
$docstatus = $nextstate->getDocumentStatus();
- echo " ".$nextstate->getName()." | ";
+ echo " ".htmlspecialchars($nextstate->getName())." | ";
}
echo "
";
echo "";
echo "| ".getMLText('action').": | ";
foreach($transitions as $transition) {
$action = $transition->getAction();
- echo "".getMLText('action_'.strtolower($action->getName()), array(), $action->getName())." | ";
+ echo "".getMLText('action_'.strtolower($action->getName()), array(), htmlspecialchars($action->getName()))." | ";
}
echo "
";
echo "";