silverstripe-framework/DropdownField.ss at 5143c8149a191ddce3ef646b1b552e8b943b52b9 - silverstripe-framework - Gitea

tonyair/silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-07 20:09:31 +02:00

Ingo Schommer f8bbc0a726 BUGFIX Escape HTML in DropdownField and ListboxField

Fixes reflected XSS in Group titles when using
in group selections (e.g. in "New Member" form).

2013-02-17 23:27:15 +01:00

6 lines

215 B

Scheme

Raw Blame History

 <select $AttributesHTML>
 <% loop Options %>
 	<option value="$Value.XML"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option>
 <% end_loop %>
 </select>