mirror of
https://github.com/silverstripe/silverstripe-blog
synced 2024-10-22 11:05:58 +02:00
SECURITY: avoid XSS vulnerability within the Tags field in BlogEntry
This commit is contained in:
parent
ff439a5ac0
commit
c2a6ba5b69
@ -100,7 +100,7 @@ class BlogEntry extends Page {
|
||||
$link = $this->getParent() ? $this->getParent()->Link('tag') : '';
|
||||
foreach($tags as $tag) {
|
||||
$output->push(new ArrayData(array(
|
||||
'Tag' => $tag,
|
||||
'Tag' => Convert::raw2xml($tag),
|
||||
'Link' => $link . '/' . urlencode($tag),
|
||||
'URLTag' => urlencode($tag)
|
||||
)));
|
||||
|
Loading…
Reference in New Issue
Block a user