Skip to content
Permalink
Browse files Browse the repository at this point in the history
fixes #1297 - possible xss vulnerability in select field type
  • Loading branch information
tabacitu committed May 10, 2018
1 parent 0dd5f62 commit 8b6bd0a
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -24,6 +24,7 @@ All Notable changes to `Backpack CRUD` will be documented in this file

## Fixed
- #1378 - when a custom default page length is specified, it should show up in the page length menu;
- #1297 - possible XSS vulnerability in ```select``` field type; now using ```e()``` to escape the attribute;


## [3.4.8] - 2018-05-07
Expand Down
2 changes: 1 addition & 1 deletion src/resources/views/columns/select.blade.php
Expand Up @@ -3,7 +3,7 @@
<?php
$attributes = $crud->getModelAttributeFromRelation($entry, $column['entity'], $column['attribute']);
if (count($attributes)) {
echo implode(', ', $attributes);
echo e(implode(', ', $attributes));
} else {
echo '-';
}
Expand Down

0 comments on commit 8b6bd0a

Please sign in to comment.