Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix xss bugs in meta #3093

Merged
merged 1 commit into from May 15, 2020
Merged

Conversation

carakas
Copy link
Member

@carakas carakas commented May 13, 2020

Only allow html but no javascript in the navigation title

Type

  • Security

Pull request description

It was possible to inject javascript in the frontend and in the backend using the meta properties

Only allow html but no javascript in the navigation title
@carakas carakas added this to the 5.8.3 milestone May 13, 2020
@carakas carakas requested a review from a team May 13, 2020 12:45
@carakas carakas merged commit 74d99a4 into forkcms:master May 15, 2020
@carakas carakas deleted the navigation_title-xss branch May 15, 2020 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants