Minor Correction

Sanitize font name.

Author: oleibman

src/PhpSpreadsheet/Writer/Html.php

@@ -1039,7 +1039,7 @@ private function createCSSStyleFont(Font $font): array
         }
 
         $css['color'] = '#' . $font->getColor()->getRGB();
-        $css['font-family'] = '\'' . $font->getName() . '\'';
+        $css['font-family'] = '\'' . htmlspecialchars((string) $font->getName(), ENT_QUOTES) . '\'';
         $css['font-size'] = $font->getSize() . 'pt';
 
         return $css;

tests/PhpSpreadsheetTests/Writer/Html/XssVulnerabilityTest.php

@@ -59,4 +59,21 @@ public function testXssInComment(string $xssTextString, ?string $expected = null
         self::assertStringContainsString($expected, $verify);
         $spreadsheet->disconnectWorksheets();
     }
+
+    public function testXssInFontName(): void
+    {
+        $spreadsheet = new Spreadsheet();
+        $sheet = $spreadsheet->getActiveSheet();
+        $sheet->getCell('A1')->setValue('here');
+        $used = 'Calibri</style><script type="text/javascript">alert("hello");</script><style type="text/css">';
+        $expected = "font-family:'Calibri&lt;/style&gt;&lt;script type=&quot;text/javascript&quot;&gt;alert(&quot;hello&quot;);&lt;/script&gt;&lt;style type=&quot;text/css&quot;&gt;'";
+        $sheet->getStyle('A1')->getFont()->setName($used);
+
+        $writer = new Html($spreadsheet);
+        $verify = $writer->generateHtmlAll();
+        // Ensure that executable js has been stripped
+        self::assertStringNotContainsString($expected, $used);
+        self::assertStringContainsString($expected, $verify);
+        $spreadsheet->disconnectWorksheets();
+    }
 }