From 9f286db8e203d5ff4e5dca0decc7b1ae31b43d1d Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Fri, 1 May 2026 14:49:04 +0200
Subject: [PATCH] Move activity description escaping to templates

---
 modules/candidates/AddActivityScheduleEventModal.tpl | 2 +-
 modules/candidates/CandidatesUI.php                  | 2 +-
 modules/contacts/AddActivityScheduleEventModal.tpl   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/candidates/AddActivityScheduleEventModal.tpl b/modules/candidates/AddActivityScheduleEventModal.tpl
index 97ff20114..a727cd031 100644
--- a/modules/candidates/AddActivityScheduleEventModal.tpl
+++ b/modules/candidates/AddActivityScheduleEventModal.tpl
@@ -198,7 +198,7 @@
          <?php if (!$this->onlyScheduleEvent): ?>
             <?php if ($this->activityAdded): ?>
                 <?php if (!empty($this->activityDescription)): ?>
-                    <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with the following note: &quot;<?php echo($this->activityDescription); ?>&quot;.</p>
+                    <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with the following note: &quot;<?php $this->_($this->activityDescription); ?>&quot;.</p>
                 <?php else: ?>
                     <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with no notes.</p>
                 <?php endif; ?>
diff --git a/modules/candidates/CandidatesUI.php b/modules/candidates/CandidatesUI.php
index 06efdaa13..70861412c 100755
--- a/modules/candidates/CandidatesUI.php
+++ b/modules/candidates/CandidatesUI.php
@@ -3355,7 +3355,7 @@ private function _addActivity($isJobOrdersMode, $regardingID,
         $this->_template->assign('candidateID', $candidateID);
         $this->_template->assign('regardingID', $regardingID);
         $this->_template->assign('activityAdded', $activityAdded);
-        $this->_template->assign('activityDescription', htmlspecialchars($activityNote, ENT_QUOTES | ENT_SUBSTITUTE, HTML_ENCODING));
+        $this->_template->assign('activityDescription', $activityNote);
         $this->_template->assign('activityType', $activityTypeDescription);
         $this->_template->assign('eventScheduled', $eventScheduled);
         $this->_template->assign('eventHTML', $eventHTML);
diff --git a/modules/contacts/AddActivityScheduleEventModal.tpl b/modules/contacts/AddActivityScheduleEventModal.tpl
index 409131cc2..cd77a468e 100755
--- a/modules/contacts/AddActivityScheduleEventModal.tpl
+++ b/modules/contacts/AddActivityScheduleEventModal.tpl
@@ -161,7 +161,7 @@
         <?php if(!$this->onlyScheduleEvent): ?>
             <?php if ($this->activityAdded): ?>
                 <?php if (!empty($this->activityDescription)): ?>
-                    <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with the following note: &quot;<?php echo($this->activityDescription); ?>&quot;.</p>
+                    <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with the following note: &quot;<?php $this->_($this->activityDescription); ?>&quot;.</p>
                 <?php else: ?>
                     <p>An activity entry of type <span class="bold"><?php $this->_($this->activityType); ?></span> has been added with no notes.</p>
                 <?php endif; ?>