Fixed escaping of array/object keys in debug_print_var

2 files changed, 4 insertions, 2 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ddcd891..4c8bd10e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Fixed escaping of array/object keys in debug_print_var
+
 ## [5.5.1] - 2025-05-19
 - Fix missing support for loading modifiercompilers from plugin dir in BCPluginsAdapter [#1132](https://github.com/smarty-php/smarty/pull/1132)
 
diff --git a/src/Extension/DefaultExtension.php b/src/Extension/DefaultExtension.php
index 88390b94..b5f38f6c 100644
--- a/src/Extension/DefaultExtension.php
+++ b/src/Extension/DefaultExtension.php
@@ -320,7 +320,7 @@ class DefaultExtension extends Base {
 					break;
 				}
 				foreach ($var as $curr_key => $curr_val) {
-					$results .= '<br>' . str_repeat('&nbsp;', $depth * 2) . '<b>' . strtr($curr_key, $_replace) .
+					$results .= '<br>' . str_repeat('&nbsp;', $depth * 2) . '<b>' . htmlspecialchars(strtr($curr_key, $_replace)) .
 						'</b> =&gt; ' .
 						$this->smarty_modifier_debug_print_var($curr_val, $max, $length, ++$depth, $objects);
 					$depth--;
@@ -338,7 +338,7 @@ class DefaultExtension extends Base {
 				}
 				$objects[] = $var;
 				foreach ($object_vars as $curr_key => $curr_val) {
-					$results .= '<br>' . str_repeat('&nbsp;', $depth * 2) . '<b> -&gt;' . strtr($curr_key, $_replace) .
+					$results .= '<br>' . str_repeat('&nbsp;', $depth * 2) . '<b> -&gt;' . htmlspecialchars(strtr($curr_key, $_replace)) .
 						'</b> = ' . $this->smarty_modifier_debug_print_var($curr_val, $max, $length, ++$depth, $objects);
 					$depth--;
 				}