Commit 51fe9e0f authored by Helmut Hummel, committed by Oliver Hader

[SECURITY] t3lib_div::quoteJSvalue allows XSS

When t3lib_div::quoteJSvalue() was used with the second
parameter set to TRUE, closing HTML script tags were
not escaped correctly.

Now every character except harmless ones is encoded
to a hex representation.

Change-Id: I4ce17c924458bc4db659b2d37e7932cc9b0c340d
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #23226
Security-Commit: ee1778ab0c7b4525dbabab4fcb94eb112b767e69
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13765
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
parent bf01ec8d
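
The encoding strategy the commit message describes (keep harmless characters, hex-encode everything else) can be sketched as follows. This is an added example, not the code from this commit or from TYPO3: the function name `encodeForInlineJsString`, the allowlist, and the naive comparison are assumptions, and it relies on the mbstring extension.

```php
<?php
// Added illustration, not TYPO3 code. Name and allowlist are assumptions.

/**
 * Encode a UTF-8 string as a single-quoted JavaScript string literal that is
 * safe to emit inside an HTML <script> block.
 */
function encodeForInlineJsString(string $value): string
{
    // Split into code points; invalid UTF-8 makes preg_split() return false.
    $chars = preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    $out = '';
    foreach ($chars as $char) {
        // Assumed allowlist of characters that are harmless in both the
        // HTML and the JavaScript parsing context.
        if (preg_match('/^[A-Za-z0-9 _.,-]$/', $char)) {
            $out .= $char;
            continue;
        }
        $cp = mb_ord($char, 'UTF-8');
        if ($cp < 0x100) {
            $out .= sprintf('\\x%02x', $cp);
        } elseif ($cp < 0x10000) {
            $out .= sprintf('\\u%04x', $cp);
        } else {
            // Code points above the BMP need a UTF-16 surrogate pair.
            $cp -= 0x10000;
            $out .= sprintf('\\u%04x\\u%04x', 0xD800 | ($cp >> 10), 0xDC00 | ($cp & 0x3FF));
        }
    }
    return "'" . $out . "'";
}

// Constructed sample input containing a closing script tag and a quote.
$sample = "</script> it's a constructed sample \u{00e9}";

// Naive quoting (backslash-escaping only) leaves "</script>" intact, so the
// HTML parser would end the script element in the middle of the string.
echo "'" . addcslashes($sample, "'\\\n\r") . "'", PHP_EOL;

// Allowlist encoding: "<", "/", ">" and "'" no longer appear in the output.
echo encodeForInlineJsString($sample), PHP_EOL;
```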