From d0500edd63b074b340d5d25b04ac9057a04ca4f3 Mon Sep 17 00:00:00 2001
From: Rui Tome <rtome@bitwarden.com>
Date: Wed, 27 Sep 2023 17:36:02 +0100
Subject: [PATCH] =?UTF-8?q?[AC-1637]=C2=A0Replaced=20Html.Raw=20with=20Htt?=
 =?UTF-8?q?pUtility.HtmlDecode?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Admin/Views/Organizations/Edit.cshtml  | 5 +++--
 src/Admin/Views/Organizations/Index.cshtml | 5 +++--
 src/Admin/Views/Organizations/View.cshtml  | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/Admin/Views/Organizations/Edit.cshtml b/src/Admin/Views/Organizations/Edit.cshtml
index 5d2728bb3..1e2e0bf3b 100644
--- a/src/Admin/Views/Organizations/Edit.cshtml
+++ b/src/Admin/Views/Organizations/Edit.cshtml
@@ -1,8 +1,9 @@
 @using Bit.Admin.Enums;
+@using System.Web
 @inject Bit.Admin.Services.IAccessControlService AccessControlService
 @model OrganizationEditModel
 @{
-    ViewData["Title"] = (Model.Provider != null ? "Client " : string.Empty) + "Organization: " + Html.Raw(Model.Name);
+    ViewData["Title"] = (Model.Provider != null ? "Client " : string.Empty) + "Organization: " + HttpUtility.HtmlDecode(Model.Name);
 
     var canViewOrganizationInformation = AccessControlService.UserHasPermission(Permission.Org_OrgInformation_View);
     var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.Org_BillingInformation_View);
@@ -55,7 +56,7 @@
     </script>
 }
 
-<h1>@(Model.Provider != null ? "Client " : string.Empty)Organization <small>@Html.Raw(Model.Name)</small></h1>
+<h1>@(Model.Provider != null ? "Client " : string.Empty)Organization <small>@HttpUtility.HtmlDecode(Model.Name)</small></h1>
 
 @if (Model.Provider != null)
 {
diff --git a/src/Admin/Views/Organizations/Index.cshtml b/src/Admin/Views/Organizations/Index.cshtml
index f13b2769f..044b08907 100644
--- a/src/Admin/Views/Organizations/Index.cshtml
+++ b/src/Admin/Views/Organizations/Index.cshtml
@@ -1,4 +1,5 @@
-@model OrganizationsModel
+@using System.Web
+@model OrganizationsModel
 @{
     ViewData["Title"] = "Organizations";
 }
@@ -46,7 +47,7 @@
                 {
                     <tr>
                         <td>
-                            <a asp-action="@Model.Action" asp-route-id="@org.Id">@Html.Raw(org.Name)</a>
+                            <a asp-action="@Model.Action" asp-route-id="@org.Id">@HttpUtility.HtmlDecode(org.Name)</a>
                         </td>
                         <td>
                             @org.Plan
diff --git a/src/Admin/Views/Organizations/View.cshtml b/src/Admin/Views/Organizations/View.cshtml
index 80f9cfa14..9b5c216f5 100644
--- a/src/Admin/Views/Organizations/View.cshtml
+++ b/src/Admin/Views/Organizations/View.cshtml
@@ -1,10 +1,11 @@
 @inject Bit.Core.Settings.GlobalSettings GlobalSettings
+@using System.Web
 @model OrganizationViewModel
 @{
-    ViewData["Title"] = "Organization: " + Html.Raw(Model.Organization.Name);
+    ViewData["Title"] = "Organization: " + HttpUtility.HtmlDecode(Model.Organization.Name);
 }
 
-<h1>Organization <small>@Html.Raw(Model.Organization.Name)</small></h1>
+<h1>Organization <small>@HttpUtility.HtmlDecode(Model.Organization.Name)</small></h1>
 
 @if (Model.Provider != null)
 {