mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
721 B
721 B
3.1.0-rc3
Overview
Security: XSS in CMS "Security" section (SS-2013-007)
See announcement
Security: XSS in form validation errors (SS-2013-008)
See announcement
Security: XSS in CMS "Pages" section (SS-2013-009)
See announcement
API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in Form->sessionMessage(), and consequently
in the FormField->validate() API.