BUGFIX Escape HTML in DropdownField and ListboxField

Fixes reflected XSS in Group titles when they are used
in group selections (e.g. in the "New Member" form).
Ingo Schommer 2013-01-04 18:09:39 +01:00
parent 604ede30a4
commit f8bbc0a726
1 changed files with 1 additions and 1 deletions


@ -1,5 +1,5 @@
<select $AttributesHTML>
<% loop Options %>
<option value="$Value"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title</option>
<option value="$Value.XML"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option>
<% end_loop %>
</select>
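Review bot: The escaping contract introduced on the `<option>` line is undocumented, so a caller that already encodes its option titles will now render them double-encoded, and nothing in the template says which side owns the encoding. A template comment above the loop such as `<%-- $Value and $Title are escaped here; pass raw, unescaped strings in the source array --%>` would state it. The commit title names both DropdownField and ListboxField while the diffstat shows one changed file, so it is worth confirming that ListboxField renders through this template rather than a separate one that still emits `$Title` unescaped. A regression test that renders a field whose option title contains markup and asserts the encoded output would keep the fix from being lost in a later template edit.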