Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Strip any unescaped double-quotes from output #20

Merged
merged 1 commit into from
Jul 18, 2014
Merged

Strip any unescaped double-quotes from output #20

merged 1 commit into from
Jul 18, 2014

Conversation

jimmed
Copy link

@jimmed jimmed commented Jul 18, 2014

Fixes #19 (in theory)

boutell pushed a commit that referenced this pull request Jul 18, 2014
@boutell boutell merged commit 7a1deb3 into apostrophecms:master Jul 18, 2014
@boutell
Copy link
Member

boutell commented Jul 18, 2014

Thanks. I added a unit test for it. I'll open an issue upstream.

@jimmed jimmed deleted the strip-double-quotes branch July 18, 2014 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

XSS injection vulnerability using empty, undelimited attributes
2 participants