From 0083fcd3564d5e5182f0df04d679147a5096dc1f Mon Sep 17 00:00:00 2001
From: Samuel Georges
Date: Sat, 25 Apr 2015 14:28:52 +1000
Subject: [PATCH] Vars passed to content should be escaped
---
 modules/cms/twig/ContentNode.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/cms/twig/ContentNode.php b/modules/cms/twig/ContentNode.php
index 5413e35ca..61d02b677 100644
--- a/modules/cms/twig/ContentNode.php
+++ b/modules/cms/twig/ContentNode.php
@@ -30,7 +30,9 @@ class ContentNode extends Twig_Node
 for ($i = 1; $i < count($this->getNode('nodes')); $i++) {
 $compiler->write("\$context['__cms_content_params']['".$this->getAttribute('names')[$i-1]."'] = ");
+ $compiler->write('twig_escape_filter($this->env, ');
 $compiler->subcompile($this->getNode('nodes')->getNode($i));
+ $compiler->write(")");
 $compiler->write(";\n");
 }
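Review bot: The `twig_escape_filter($this->env, ` wrapper added before `subcompile()` uses the default `html` strategy and, if I recall Twig's implementation correctly, hands non-string values such as arrays back unchanged, so strings nested inside an array parameter would still reach the content block unescaped. It is also only correct where the content file places the variable in HTML text; a value used inside a script block or a URL would need a context-specific strategy. I would record that limit above the added call, e.g. `// HTML-escapes string params only; arrays and other output contexts are not covered`, and add a test that passes markup both as a plain string and inside an array. Separately, the context line above builds the array key by concatenating `getAttribute('names')[$i-1]` between literal quotes in the generated PHP; emitting it with `$compiler->string(...)` would be more robust, unless the token parser already restricts names to identifiers. The enclosing method starts and ends outside the hunk.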