Fix Xss in the segment name (#490)

* Fix Xss in the segment name

* Apply php-cs-fixer changes

* Fix PHP stan

---------

Co-authored-by: aryaantony92 <[email protected]>

Author: aryaantony92

composer.json

@@ -24,7 +24,7 @@
     "pear/archive_tar": "^1.4.3",
     "pimcore/number-sequence-generator": "^1.0.5",
     "pimcore/object-merger": "^3.0",
-    "pimcore/pimcore": "^10.5",
+    "pimcore/pimcore": "^10.5.21",
     "pimcore/search-query-parser": "^1.3",
     "symfony/asset": "^5.3",
     "symfony/config": "^5.3",

src/View/Formatter/DefaultViewFormatter.php

@@ -19,6 +19,7 @@
 use CustomerManagementFrameworkBundle\Model\CustomerSegmentInterface;
 use Pimcore\Model\DataObject\ClassDefinition;
 use Pimcore\Model\DataObject\ClassDefinition\Data;
+use Pimcore\Security\SecurityHelper;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
 class DefaultViewFormatter implements ViewFormatterInterface
@@ -176,7 +177,7 @@ public function getLocale()
      */
     protected function formatSegmentValue(CustomerSegmentInterface $segment)
     {
-        return sprintf('<span class="label label-default">%s</span>', $segment->getName());
+        return sprintf('<span class="label label-default">%s</span>', SecurityHelper::convertHtmlSpecialChars($segment->getName()));
     }
 
     protected function getLanguageFromLocale($locale)