Skip to content

Commit 9fc6748

Browse files
authored
Security fix in Properties Parameter (#14825)
1 parent fb3056a commit 9fc6748

File tree

1 file changed

+1
-1
lines changed
  • bundles/AdminBundle/Resources/public/js/pimcore/document/editables

1 file changed

+1
-1
lines changed

Diff for: bundles/AdminBundle/Resources/public/js/pimcore/document/editables/link.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ pimcore.document.editables.link = Class.create(pimcore.document.editable, {
9898
text = this.data.path;
9999
}
100100
if (this.data.path || this.data.anchor || this.data.parameters) {
101-
let fullpath = this.data.path + (this.data.parameters ? '?' + this.data.parameters : '') + (this.data.anchor ? '#' + this.data.anchor : '');
101+
let fullpath = this.data.path + (this.data.parameters ? '?' + Ext.util.Format.htmlEncode(this.data.parameters) : '') + (this.data.anchor ? '#' + Ext.util.Format.htmlEncode(this.data.anchor) : '');
102102
let displayHtml = Ext.util.Format.htmlEncode(text);
103103

104104
if (this.config.textPrefix !== undefined) {

0 commit comments

Comments
 (0)