
Fixed potential XSS bug

1 parent d361251 commit 6c8ab19994be1b712479514c3cb9f7ace789be40 @Haacked committed Jun 11, 2012
Showing with 2 additions and 1 deletion.
  1. +2 −1 src/Subtext.Web/UI/Controls/Contact.cs
@@ -17,6 +17,7 @@
using System;
using System.Configuration;
+using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Subtext.Extensibility;
@@ -188,7 +189,7 @@ private void SwapWithLabel(TextBox textBox)
{
int index = Controls.IndexOf(textBox);
Controls.RemoveAt(index);
- Controls.AddAt(index, new LiteralControl(textBox.Text));
+ Controls.AddAt(index, new LiteralControl(HttpUtility.HtmlEncode(textBox.Text)));
textBox.Visible = true;
}
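Review bot: The encoded `LiteralControl` line in `SwapWithLabel` has no comment explaining why the encoding is there, so a later cleanup could drop it without noticing the regression. Something like `// textBox.Text comes from the form post; LiteralControl emits its text verbatim, so encode it first` above that line would record the intent. `HtmlEncode` fits this sink because the value lands in element content. Any other place in this control that echoes form fields through a `LiteralControl` or an unencoded `Text` property would need the same treatment, but those lie outside the hunk and should be checked separately. As a smaller robustness point, `Controls.IndexOf(textBox)` returns -1 when the text box is not a direct child, and `RemoveAt(-1)` then throws; `if (index < 0) return;` before the removal would avoid that.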
