Merge pull request #3038 from acrobat/xss-fixes
[AllBundles] Escape user input to avoid xss issues
acrobat committed Nov 22, 2021
2 parents e9e82ee + 8b5578e commit b58d64a754c4473ee5d0f7a86b540522003507c2
@@ -47,7 +47,8 @@ kunstmaanbundles.slugChooser = (function(window, undefined) {
return;
}

$preview.find('span').html(updatedUrl);
// Use jquery .text to escape user input value to avoid potential xss
$preview.find('span').text(updatedUrl);
$preview.show();
};
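Review bot: The added comment says `.text` escapes the user input, but jQuery's `.text()` does not escape anything; it assigns the string as a text node, so the value is never parsed as markup. The distinction matters because a reader who takes `updatedUrl` to be "escaped" could later hand it to an HTML sink such as `.html()`. I would word the comment as `// Set the preview as text, never as HTML: updatedUrl contains user input`. The function starts above the hunk, so how `updatedUrl` is assembled is not visible here.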

@@ -110,5 +110,5 @@
{% endif %}

{% if seo.getExtraMetadata() %}
{{ seo.getExtraMetadata() | raw }}
{{ seo.getExtraMetadata()|escape('html')|raw }}
{% endif %}
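Review bot: The trailing `|raw` in `{{ seo.getExtraMetadata()|escape('html')|raw }}` is redundant and leaves a trap: Twig already marks the result of `escape('html')` as safe for HTML output, so `|raw` changes nothing today, but if the escape filter is later removed or reordered the value is emitted unescaped again. Assuming this template is rendered with the default HTML autoescaping, `{{ seo.getExtraMetadata()|escape('html') }}` produces the same output without that risk. Note also that any markup stored in the extra-metadata field now renders as literal text; if the field is meant to carry tags, that needs allowlist-based sanitising when the value is saved rather than raw output, and a short `{# ... #}` comment stating which behaviour is intended would help the next maintainer. The surrounding template lies outside the hunk.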
