Skip to content
Snippets Groups Projects
Commit 6a09d625 authored by Nicole Cordes's avatar Nicole Cordes Committed by Oliver Hader
Browse files

[SECURITY] Prevent XSS in IRRE elements 

This patch changes a JavaScript function to use text() instead of html()
to prevent JavaScript execution.

Resolves: #76922
Releases: master, 7.6, 6.2
Security-Commit: 252c2cb492ace6c3605772c280f65873f0c18299
Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018
Change-Id: Id22bef4b337b2c8d06e98fba45d59ae83c7c3e35
Reviewed-on: https://review.typo3.org/49073


Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
parent bd8eded5
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment