Fix Stored XSS: Context #14357

Merged
merged 2 commits into from Mar 6, 2019


Ibochkarev
Collaborator

What does it do?

Fix Stored XSS: Context

Why is it needed?

Security reason

Related issue(s)/PR(s)

#14342

@JoshuaLuckers JoshuaLuckers added area-security pr/review-needed Pull request requires review and testing. labels Feb 10, 2019
@Ibochkarev
Collaborator Author

This PR in its current form corrects the error when you edit and save context data. In the list of contexts, the error is not fixed. I will take it for revision.

@Mark-H
Collaborator

Mark-H commented Feb 15, 2019

All grids in 3.x automatically get the htmlEncode renderer applied, so I'm wondering if we can ignore reports/PRs like this targeting 2.x?

@Jako Jako added this to the v2.7.2 milestone Feb 21, 2019
Collaborator

@Mark-H Mark-H left a comment

As there's already a PR for this I'll approve it, but I suggest no more precious development time is spent on adding these renderers to other grids when they are all automatically applied in 3.x.
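
The difference discussed in this thread between adding an encoding renderer grid by grid and applying one by default, as an added example (not MODX code and not part of this PR). It assumes a simplified ExtJS-style column model; `htmlEncode`, `withDefaultEncoding`, `renderRow` and the sample record are hypothetical stand-ins, and how 3.x wires its default internally is not shown on this page.

```javascript
// Added example: stand-alone model of grid cell rendering, runnable in Node.
// A column is { header, dataIndex, renderer? }; a renderer returns the string
// that is written into the cell as HTML.

// Encode the characters that are significant in element content and in
// quoted attribute values.
function htmlEncode(value) {
  if (value === null || value === undefined) return '';
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical helper: every column without an explicit renderer gets the
// encoding renderer. Columns with their own renderer are left untouched, so
// a custom renderer that emits markup must still encode its input itself.
function withDefaultEncoding(columns) {
  return columns.map((col) =>
    typeof col.renderer === 'function' ? col : { ...col, renderer: htmlEncode });
}

// Render one record to cell HTML. A column with no renderer writes the
// stored value straight into the markup (the stored-XSS case).
function renderRow(columns, record) {
  return columns.map((col) => {
    const raw = record[col.dataIndex];
    const html = col.renderer ? col.renderer(raw, record) : String(raw ?? '');
    return `<td>${html}</td>`;
  }).join('');
}

// Constructed sample data: a context record whose stored name contains markup.
const columns = [
  { header: 'Key', dataIndex: 'key' },
  { header: 'Name', dataIndex: 'name' },
  // Custom renderer that emits its own markup and coerces its input safely.
  { header: 'Rank', dataIndex: 'rank', renderer: (v) => `<b>${Number(v)}</b>` },
];
const record = { key: 'web', name: '<script>alert(1)</script>', rank: 0 };

console.log('no default renderer:', renderRow(columns, record));
console.log('default htmlEncode :', renderRow(withDefaultEncoding(columns), record));
```
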

@alroniks alroniks added pr/ready-for-merging Pull request reviewed and tested and ready for merging. and removed pr/review-needed Pull request requires review and testing. labels Mar 6, 2019
@alroniks alroniks merged commit 4594f27 into modxcms:2.x Mar 6, 2019
alroniks pushed a commit that referenced this pull request Mar 6, 2019
* upstream/pr/14357:
  Update modx.panel.context.js
  Fix #14342
@Ibochkarev Ibochkarev deleted the bug-14342 branch March 18, 2021 04:31
Labels
area-security pr/ready-for-merging Pull request reviewed and tested and ready for merging.

5 participants