Skip to content

Commit e786fd4

Browse files
kingjia90dvesh3
authored andcommitted
escaping 'key' custom property field in elements
1 parent ce5c01f commit e786fd4

File tree

1 file changed

+3
-2
lines changed
  • bundles/AdminBundle/Resources/public/js/pimcore/element

1 file changed

+3
-2
lines changed

Diff for: bundles/AdminBundle/Resources/public/js/pimcore/element/properties.js

+3-2
Original file line numberDiff line numberDiff line change
@@ -568,10 +568,11 @@ pimcore.element.properties = Class.create({
568568

569569
addSetFromUserDefined: function (customKey, customType) {
570570
try {
571-
if (in_array(customKey.getValue(), this.disallowedKeys)) {
571+
let key = htmlspecialchars(customKey.getValue());
572+
if (in_array(key, this.disallowedKeys)) {
572573
Ext.MessageBox.alert(t("error"), t("name_is_not_allowed"));
573574
}
574-
this.add(customKey.getValue(), customType.getValue(), false, false, false, true);
575+
this.add(key, customType.getValue(), false, false, false, true);
575576
} catch (e) {
576577
console.log(e);
577578
}

0 commit comments

Comments
 (0)