From f9597f16aeb66faa42e8e2e13601c54d81f0be2e Mon Sep 17 00:00:00 2001
From: Jarek Rozanski <jrozanski@inputobjects.eu>
Date: Sat, 17 Dec 2022 20:56:55 +0000
Subject: [PATCH] Sanitze in-admin view

---
 types/WideAngleHelpers.php | 2 +-
 views/admin_settings.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/types/WideAngleHelpers.php b/types/WideAngleHelpers.php
index 25ac3bd..062215a 100644
--- a/types/WideAngleHelpers.php
+++ b/types/WideAngleHelpers.php
@@ -88,7 +88,7 @@ class WideAngleHelpers {
         if($sanitizedValue != null) {           
           $asRegExp = "/" . wp_unslash($sanitizedValue) . "/";
           if(@preg_match($asRegExp, null) === 0) {
-            $typedExclusion = "[" . $exclusionType . "]" . wp_unslash($sanitizedValue);
+            $typedExclusion = "[" . $exclusionType . "]" . filter_var($sanitizedValue, FILTER_SANITIZE_SPECIAL_CHARS);
             array_push($exclusions, $typedExclusion);
           } else {
             $typedExclusion = "[" . $exclusionType . "]" . filter_var($sanitizedValue, FILTER_SANITIZE_SPECIAL_CHARS);
diff --git a/views/admin_settings.php b/views/admin_settings.php
index a85dbb7..23d4494 100644
--- a/views/admin_settings.php
+++ b/views/admin_settings.php
@@ -175,7 +175,7 @@ $generator            = new WideAngleGenerator($this->settings[self::WAA_CONF_AT
 
 &lt;/head&gt;
 &lt;!-- .. --&gt;
-<b><?php echo esc_html($generator->generateFooterScript()); ?></b>
+<b><?php echo esc_html(wp_unslash($generator->generateFooterScript())); ?></b>
 </pre>
 </code>
     </div>