569 B

Raw Blame History

3.0.7

Overview

Security: XSS in form validation errors (SS-2013-008)

Security: XSS in CMS "Pages" section (SS-2013-009)

API: Form validation message no longer allow HTML

Due to cross-site scripting concerns when user data is used for form messages, it is no longer possible to use HTML in Form->sessionMessage(), and consequently in the FormField->validate() API.

569 B Raw Blame History

3.0.7

Overview

Security: XSS in form validation errors (SS-2013-008)

Security: XSS in CMS "Pages" section (SS-2013-009)

API: Form validation message no longer allow HTML

569 B

Raw Blame History