Escape shortcode attribute value Codeinwp/visualizer-pro#365

girishpanchal30 · girishpanchal30 · commit 6392561f5cd1 · 2023-01-18T18:19:52.000+05:30
diff --git a/classes/Visualizer/Module/Frontend.php b/classes/Visualizer/Module/Frontend.php
@@ -305,6 +305,11 @@ public function renderChart( $atts ) {
 			$atts
 		);
 
+		$atts['id']        = (int) $atts['id'];
+		$atts['class']     = esc_attr( $atts['class'] );
+		$atts['lazy']      = esc_attr( $atts['lazy'] );
+		$atts['use_image'] = esc_attr( $atts['use_image'] );
+
 		global $sitepress;
 		if ( Visualizer_Module::is_pro() && ( function_exists( 'icl_get_languages' ) && $sitepress instanceof \SitePress ) ) {
 			global $sitepress;
