Properly escape user provided data in trans with data to prevent possible XSS attack vectors.

src/DataTables/Helpers/PartDataTableHelper.php

@@ -67,7 +67,7 @@ class PartDataTableHelper
             '<a href="%s">%s%s</a>',
             $this->entityURLGenerator->infoURL($context),
             $icon,
-            htmlentities($context->getName())
+            htmlspecialchars($context->getName())
         );
     }
 

templates/admin/_delete_form.html.twig

@@ -1,5 +1,5 @@
 <form method="post" class="" action="{{ entity_url(entity, 'delete') }}" {{ stimulus_controller('elements/delete_btn') }} {{ stimulus_action('elements/delete_btn', "submit", "submit") }}
-      data-delete-title="{% trans  with {'%name%': entity.name }%}entity.delete.confirm_title{% endtrans %}"
+      data-delete-title="{% trans with {'%name%': entity.name|escape }%}entity.delete.confirm_title{% endtrans %}"
       data-delete-message="{% trans %}entity.delete.message{% endtrans %}">
     <input type="hidden" name="_method" value="DELETE">
     <input type="hidden" name="_token" value="{{ csrf_token('delete' ~ entity.id) }}">

templates/parts/info/_tools.html.twig

@@ -29,7 +29,7 @@
 
 <form method="post" class="mt-2" action="{{ entity_url(part, 'delete') }}"
         {{ stimulus_controller('elements/delete_btn') }} {{ stimulus_action('elements/delete_btn', "submit", "submit") }}
-      data-delete-title="{% trans  with {'%name%': part.name }%}part.delete.confirm_title{% endtrans %}"
+      data-delete-title="{% trans with {'%name%': part.name|escape }%}part.delete.confirm_title{% endtrans %}"
       data-delete-message="{% trans %}part.delete.message{% endtrans %}">
     <input type="hidden" name="_method" value="DELETE">
     <input type="hidden" name="_token" value="{{ csrf_token('delete' ~ part.id) }}">