This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse the repository at this point in the history
convert CDATA nodes to TEXT nodes to avoid XSS issues
CDATA nodes will not be html escaped. Users shouldn't be submitting CDATA nodes in the first place, so we should convert them to text nodes before escaping CVE-2015-7580
- Loading branch information
Showing 2 changed files with 16 additions and 1 deletion.