
Fix XSS in error tag display of failed submissions

1 parent d91d3e1 commit bea662dbb16afad9c683774f10c0046abc1735f9 Josh Lavin committed Jul 25, 2013
Showing with 3 additions and 0 deletions.
  1. +3 −0 code/SystemTag/error.coretag
@@ -43,6 +43,9 @@ sub tag_error {
}
return set_error($error, $var, $opt);
}
+ unless(defined $opt->{filter}) {
+ $opt->{filter} = 'encode_entities';
+ }
my $err_ref = $Vend::Session->{errors};
my $text;
my @errors;
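Review bot: The new default at `unless(defined $opt->{filter})` only covers calls that leave `filter` unset, so a call that passes any defined value (an empty string included) still picks its own filtering and can display error text without entity encoding. If that opt-out is intended, the block should say so, for example `# Default to entity encoding: error text may echo submitted values; pass an explicit filter only for trusted output`. The hunk does not show where `$opt->{filter}` is applied, and tag_error's body continues past the last line here, so it is worth confirming that every display path below runs the text through the filter rather than only one branch. The assignment also writes into the caller's `$opt` hash, which looks harmless here but would carry the default along if the same hash is reused for another tag call.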
