BUGFIX Escape HTML in DropdownField and ListboxField
Fixes reflected XSS in Group titles when using in group selections (e.g. in "New Member" form).
This commit is contained in:
parent
604ede30a4
commit
f8bbc0a726
|
@ -1,5 +1,5 @@
|
|||
<select $AttributesHTML>
|
||||
<% loop Options %>
|
||||
<option value="$Value"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title</option>
|
||||
<option value="$Value.XML"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option>
|
||||
<% end_loop %>
|
||||
</select>
|
||||
|
|
Loading…
Reference in New Issue