
Commit 8b6bd0a

committed
fixes #1297 - possible xss vulnerability in select field type
1 parent 0dd5f62 commit 8b6bd0a

2 files changed

+2
-1
lines changed

Diff for: CHANGELOG.md

+1
@@ -24,6 +24,7 @@ All Notable changes to `Backpack CRUD` will be documented in this file
2424

2525
## Fixed
2626
- #1378 - when a custom default page length is specified, it should show up in the page length menu;
27+
- #1297 - possible XSS vulnerability in ```select``` field type; now using ```e()``` to escape the attribute;
2728

2829

2930
## [3.4.8] - 2018-05-07
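
Review bot: The added entry at new line 27 calls this the `select` field type, but the only view touched in this commit is `src/resources/views/columns/select.blade.php`, which is a column view; consider wording it as the `select` column type so readers know which output path was escaped. The entry also wraps `select` and `e()` in triple backticks, while the file uses single backticks for inline code elsewhere (see `Backpack CRUD` in the hunk header context).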

Diff for: src/resources/views/columns/select.blade.php

+1-1
@@ -3,7 +3,7 @@
33
<?php
44
$attributes = $crud->getModelAttributeFromRelation($entry, $column['entity'], $column['attribute']);
55
if (count($attributes)) {
6-
echo implode(', ', $attributes);
6+
echo e(implode(', ', $attributes));
77
} else {
88
echo '-';
99
}
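
Review bot: On new line 6, `e()` is applied by hand inside a raw `<?php echo`, so the escaping depends on every later edit of this view remembering to keep it; since this is a `.blade.php` template, consider rendering the value with Blade's `{{ implode(', ', $attributes) }}`, which escapes by default. The commit changes only this view and CHANGELOG.md, so a test that renders the column with an attribute value containing markup and asserts that it comes out escaped would guard against a regression.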
