mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00

David Alexander 870dfb737b DOCS 2.4 : Fixed all internally generated 404s

DOCS 2.4 : Fixed some external links causing 404s

DOCS 2.4 : adjusted link labels

DOCS 2.4 : another link label fixed up

DOCS 2.4 : fixed link

2015-12-21 09:22:48 +13:00

626 B

Raw Blame History

2.4.13

Overview

Security: XSS in form validation errors (SS-2013-008)

See announcement

Security: XSS in CMS "Pages" section (SS-2013-009)

See announcement

API: Form validation message no longer allow HTML

Due to cross-site scripting concerns when user data is used for form messages, it is no longer possible to use HTML in Form->sessionMessage(), and consequently in the FormField->validate() API.

626 B Raw Blame History

2.4.13

Overview

Security: XSS in form validation errors (SS-2013-008)

Security: XSS in CMS "Pages" section (SS-2013-009)

API: Form validation message no longer allow HTML

626 B

Raw Blame History