[SECURITY] Escape shortened placeholder text in HTML output (7339543a) · Commits · TYPO3 / TYPO3.CMS

Commit 7339543a authored 4 years ago by

Markus Klein Committed by Oliver Hader 4 years ago

[SECURITY] Escape shortened placeholder text in HTML output

Prevent XSS by escaping the shortened placeholder text for various
Backend form elements properly.

Resolves: #90817
Releases: master, 9.5
Change-Id: I58f61b2d3d902dd3cb07e97acf974156f100a8aa
Security-Bulletin: TYPO3-CORE-SA-2020-002
Security-References: CVE-2020-11064
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64471


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

parent 1b28fec3

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 4 additions and 4 deletions

Please register or to comment