From f4b2676f661d5c839e78d3bc470f6d0d5008a479 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Thu, 26 Oct 2023 15:13:17 +0700
Subject: [PATCH] Use strip_tags() for message in prompt_for_confirm() (#991)
---
 src/Ajax.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Ajax.php b/src/Ajax.php
index 8d3f85794..09d84c75a 100644
--- a/src/Ajax.php
+++ b/src/Ajax.php
@@ -142,7 +142,7 @@ class Ajax
 * @param int $error_code
 * @throws Exception
 */
- public function ajax_die(string $error_msg, int $error_code = E_AJAX_GENERAL_ERROR)
+ public function ajax_die(string $error_msg, int $error_code = E_AJAX_GENERAL_ERROR): void
 {
 $this->response['error_code'] = $error_code;
 $this->response['error_msg'] = strip_tags($error_msg);
@@ -244,14 +244,14 @@ class Ajax
 * @param string $confirm_msg
 * @throws Exception
 */
- public function prompt_for_confirm(string $confirm_msg)
+ public function prompt_for_confirm(string $confirm_msg): void
 {
 if (empty($confirm_msg)) {
 $this->ajax_die('false');
 }
 $this->response['prompt_confirm'] = 1;
- $this->response['confirm_msg'] = $confirm_msg;
+ $this->response['confirm_msg'] = strip_tags($confirm_msg);
 $this->send();
 }
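Review bot: In `prompt_for_confirm()` the `empty($confirm_msg)` guard still runs on the raw string, so a message made up only of markup passes the guard and is then reduced to an empty string by `strip_tags()`, leaving the response with `prompt_confirm = 1` and a blank `confirm_msg`. Stripping before the check closes that gap: put `$confirm_msg = strip_tags($confirm_msg);` ahead of the `empty()` test and assign `$this->response['confirm_msg'] = $confirm_msg;` afterwards. `strip_tags()` removes tags but does not encode quotes, `&` or a stray `<`, so it is only sufficient if the client inserts `confirm_msg` as text rather than as markup or an attribute value; where the value is rendered is not visible in this hunk and should be confirmed on the consuming side. The same caveat applies to `error_msg` in the `ajax_die()` hunk, whose body continues outside the hunk.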