Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape output in image block default snippet #3510

Merged
merged 2 commits into from Jul 16, 2021

Conversation

lukasbestle
Copy link
Member

@lukasbestle lukasbestle commented Jul 15, 2021

Release notes

Enhancement

  • The default block snippet for the image block now escapes the content output from the source, alt and link fields. This protects against XSS attacks against site visitors.

Breaking changes

None

Related issues/ideas

None

Ready?

  • Unit tests for fixed bug/feature
  • In-code documentation (wherever needed)
  • CI checks pass

When merging

@lukasbestle lukasbestle added the type: enhancement Suggests an enhancement; improves Kirby label Jul 15, 2021
@lukasbestle lukasbestle added this to the 3.6.0-alpha.2 milestone Jul 15, 2021
@lukasbestle lukasbestle requested a review from a team July 15, 2021 10:23
@lukasbestle lukasbestle self-assigned this Jul 15, 2021
@bastianallgeier bastianallgeier merged commit 91f9fc0 into develop Jul 16, 2021
12 checks passed
@bastianallgeier bastianallgeier deleted the fix/image-block-escape branch July 16, 2021 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: enhancement Suggests an enhancement; improves Kirby
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants