In 1.0.1 there was no setting security.output_filter, yet the output was filtered with htmlentities by default. When migrating to 1.1/develop, the user has to specify this setting in app/config/config.php or the output will not be filtered.
This is not what a user would expect and leads to possible security vulnerabilities. I suggest setting security.output_filter to array('Security::htmlentities') if it is not explicitly set in app/config/config.php.
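A sketch of the fallback suggested above, as an added example that is not part of the original issue and not FuelPHP's own code. The function names are hypothetical, the config arrays are constructed, and PHP's built-in `htmlentities` stands in for `Security::htmlentities`.

```php
<?php
// Added illustration; not FuelPHP source. Function names are hypothetical.

/**
 * Resolve the output filters from a loaded app config array.
 * A missing security.output_filter key falls back to escaping (the 1.0.1
 * behaviour); an explicitly set value, even an empty array, is respected.
 */
function resolve_output_filters(array $config): array
{
    $security = $config['security'] ?? array();
    if (!is_array($security) || !array_key_exists('output_filter', $security)) {
        return array('htmlentities'); // stand-in for Security::htmlentities
    }
    return (array) $security['output_filter'];
}

/** Apply each filter to a string, recursing into arrays of view data. */
function apply_output_filters($value, array $filters)
{
    if (is_array($value)) {
        return array_map(function ($v) use ($filters) {
            return apply_output_filters($v, $filters);
        }, $value);
    }
    if (!is_string($value)) {
        return $value;
    }
    foreach ($filters as $filter) {
        $value = ($filter === 'htmlentities')
            ? htmlentities($value, ENT_QUOTES, 'UTF-8')
            : call_user_func($filter, $value);
    }
    return $value;
}

// Constructed sample configs.
$configs = array(
    'migrated, key never set' => array('security' => array()),
    'explicit opt-out'        => array('security' => array('output_filter' => array())),
    'explicit filter'         => array('security' => array('output_filter' => array('htmlentities'))),
);

$view_data = '<i>Bob</i> & "Alice"'; // constructed value containing markup

foreach ($configs as $label => $config) {
    $filters = resolve_output_filters($config);
    echo $label, ': ', apply_output_filters($view_data, $filters), PHP_EOL;
}
```

Only the explicit opt-out case prints the markup unescaped; a config carried over from 1.0.1 without the key keeps escaping output.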