Commit
Fix #11299: Custom menu links should be sanitised before output
If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file.

Co-contributed-by: David Hicks <hickseydr@optusnet.com.au>
Signed-off-by: David Hicks <hickseydr@optusnet.com.au>