Skip to content
Snippets Groups Projects
Commit c3ba5b78 authored by JediKev's avatar JediKev
Browse files

xss: Install Form 

This addresses an issue reported by Aishwarya Iyer where inserting `<img src
=x onerror = prompt(1)` into any text field on the install form will execute
in the browser after the system is installed and you log in. This is due to
us not sanitizing the content before it’s saved in the database. This adds
`Format::htmlchars()` to the installer to ensure the text field data is
sanitized properly.
parent bbfff1a2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment