Skip to content
Permalink
Browse files Browse the repository at this point in the history
request #30734: XSS through the name of a color of select box values
Change-Id: Ia8dc1bf8cfb304975272064611b7b27264b884a3
  • Loading branch information
nterray committed Feb 1, 2023
1 parent 2c51594 commit aacd5e7
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -141,7 +141,7 @@ public function getDataset(Tracker_FormElement_Field_List $field): array
$id = $this->getId();

if (! empty($decorators) && isset($decorators[$id])) {
$purifier = Codendi_HTTPPurifier::instance();
$purifier = Codendi_HTMLPurifier::instance();
return [
"data-color-value" => $purifier->purify($decorators[$id]->getCurrentColor()),
];
Expand Down

0 comments on commit aacd5e7

Please sign in to comment.