tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
silverstripe-framework/docs/en/changelogs/rc/3.1.0-rc3.md

721 B
Raw Blame History

3.1.0-rc3

Overview

Security: XSS in CMS "Security" section (SS-2013-007)

See announcement

Security: XSS in form validation errors (SS-2013-008)

See announcement

Security: XSS in CMS "Pages" section (SS-2013-009)

See announcement

API: Form validation message no longer allow HTML

Due to cross-site scripting concerns when user data is used for form messages, it is no longer possible to use HTML in Form->sessionMessage(), and consequently in the FormField->validate() API.