silverstripe-framework/docs/en/04_Changelogs/2.3.13.md

# 2.3.13 (2012-02-01)

## Overview

 * Security: Cross-site scripting on text transformations in templates
 * Security: Cross-site scripting (XSS) related to page titles in the CMS

## Upgrading Notes ##

See [2.4.7](2.4.7).

## Changelog ##

### Bugfixes

 * 2012-01-31 [15e9e05](https://github.com/silverstripe/sapphire/commit/15e9e05) Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
 * 2009-05-26 [acf9e01](https://github.com/silverstripe/sapphire/commit/acf9e01) Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)

### Other

 * 2012-01-31 [475e077](https://github.com/silverstripe/sapphire/commit/475e077) SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published &lt;page title&gt;' messages (Ingo Schommer)
MINOR Updated changelog 2012-01-31 17:04:59 +01:00			`# 2.3.13 (2012-02-01)`

			`## Overview`

			`* Security: Cross-site scripting on text transformations in templates`
			`* Security: Cross-site scripting (XSS) related to page titles in the CMS`

			`## Upgrading Notes ##`

			`See [2.4.7](2.4.7).`

			`## Changelog ##`

			`### Bugfixes`

			`* 2012-01-31 [15e9e05](https://github.com/silverstripe/sapphire/commit/15e9e05) Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)`
			`* 2009-05-26 [acf9e01](https://github.com/silverstripe/sapphire/commit/acf9e01) Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)`

			`### Other`

			`* 2012-01-31 [475e077](https://github.com/silverstripe/sapphire/commit/475e077) SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)`