fix: [security] xss in the resolved attributes view
- thanks to Jakub Onderka for reporting it
iglocska committed May 18, 2020
1 parent 60b9171 commit 2989aa0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/View/Events/resolved_attributes.ctp
@@ -99,7 +99,7 @@
);
$popoverHTML = '';
foreach ($popover as $key => $popoverElement) {
$popoverHTML .= '<span class=\'bold\'>' . $key . '</span>: <span class=\'blue bold\'>' . $popoverElement . '</span><br />';
$popoverHTML .= '<span class=\'bold\'>' . $key . '</span>: <span class=\'blue bold\'>' . h($popoverElement) . '</span><br />';
}
?>
<a href="<?php echo $baseurl; ?>/events/view/<?php echo h($relation['Event']['id']);?>" data-toggle="popover" title="Attribute details" data-content="<?php echo h($popoverHTML); ?>" data-trigger="hover"><?php echo h($relation['Event']['id']);?></a>
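Review bot: on the changed line inside the `foreach`, `$key` is still concatenated into `$popoverHTML` without `h()`; only `$popoverElement` is escaped. The outer `h($popoverHTML)` in `data-content` covers the attribute context only, and the string is built as markup for the popover, so every value interpolated into it needs its own escaping. If the keys of `$popover` are fixed labels defined in this view, say so in a comment; otherwise use `'<span class=\'bold\'>' . h($key) . '</span>'` so both halves of the pair are treated the same way. In the context line that follows, `$baseurl` is echoed into `href` without `h()` while the event id beside it is escaped; wrapping it as well would keep the attribute handling consistent.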
