Skip to content
This repository has been archived by the owner on Sep 19, 2024. It is now read-only.

JS injection in Text and TextArea. #68

Merged
merged 1 commit into from
Jan 12, 2021
Merged

JS injection in Text and TextArea. #68

merged 1 commit into from
Jan 12, 2021

Conversation

aleixgil
Copy link

By default, Text and TextArea not allow JS injection (strip_tags()).
To allow it: call allowScripts() method: e.g.: TextArea::make('notes')->allowScripts() or Email::make('email')->allowScripts()

@aleixgil
Copy link
Author

On he trobat per poder fer-ho és amb el mapAttributeFromRequest($value), que tant al crear com actualitzar, hi passa.
No se si està fet per això, però entenc que almenys serveix per mapejar els valors de la petició no?

Si està bé, hauras de crear versió i actualitzar la llib a xef i retail.

@BadChoice BadChoice merged commit 0b5d8d7 into BadChoice:master Jan 12, 2021
@BadChoice
Copy link
Owner

Si, el map attributesFromRequest es un bon lloc, pero la idea d'aquest mètode es que es per poder-lo implementar els custom fields, pero vaja, ja farem un parent::

@aleixgil
Copy link
Author

Okay.
me les havia deixat:

XEF: https://linear.app/revo/issue/REV-2343/creacionmodificacion-de-empleados-xss
RETAIL: https://linear.app/revo/issue/REV-2366/creacionmodificacion-de-empleados-xss
recordo lo de treure versió i actualitzar a XEF i RETAIL, per quan ho vulguin.

aleixgil pushed a commit to aleixgil/thrust that referenced this pull request Jan 11, 2024
@BadChoice
Merge pull request BadChoice#68 from revosystems/bugfix/REV-12050-dis…
2286a4b 
…play-correct-actions-while-searching

REV-12050 fetch correct actions while searching
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@BadChoice BadChoice BadChoice approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aleixgil @BadChoice