
SECURITY: avoid XSS vulnerability within the Tags field in BlogEntry

1 parent ff439a5 commit c2a6ba5b69eacb33327d6ed2d0191e7141fea16c @cbarberis cbarberis committed Feb 7, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 code/BlogEntry.php
@@ -100,7 +100,7 @@ function TagsCollection() {
$link = $this->getParent() ? $this->getParent()->Link('tag') : '';
foreach($tags as $tag) {
$output->push(new ArrayData(array(
- 'Tag' => $tag,
+ 'Tag' => Convert::raw2xml($tag),
'Link' => $link . '/' . urlencode($tag),
'URLTag' => urlencode($tag)
)));
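Review bot: The `'Tag'` value is now entity-encoded where the `ArrayData` is built, but nothing in the hunk records that this one field is pre-escaped HTML while `Link` and `URLTag` are URL-encoded. A template that applies its own escaping to `Tag` would double-encode it, and a consumer needing the raw tag for a non-HTML context would receive entities. A one-line comment above the array would state the contract, for example `// 'Tag' is already HTML-escaped (Convert::raw2xml); templates must not escape it again`. The fix covers only this collection, so it is worth checking whether the Tags field is output unescaped elsewhere, which cannot be seen from here. `TagsCollection()` starts and ends outside the hunk.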
