Commit

escape the message to protect against xss
zero-24 committed Feb 17, 2021
1 parent 4a6f30e commit ad1c86e
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -43,7 +43,7 @@
<?php echo JText::_('COM_MESSAGES_FIELD_MESSAGE_LABEL'); ?>
</div>
<div class="controls">
<?php echo $this->item->message; ?>
<?php echo $this->escape($this->item->message); ?>
</div>
</div>
<input type="hidden" name="task" value="" />
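Review bot: On the changed line inside `<div class="controls">`, `$this->escape()` HTML-encodes the whole of `$this->item->message`, so if a message can be stored with markup this view will now display literal tags instead of formatted text. The commit message should say whether the field is meant to be shown as plain text here; if formatted output is expected, the value needs an HTML filter rather than full escaping. The hunk touches only the message body, so it is also worth confirming that the other `$this->item` values echoed in this template get the same treatment.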