BUGFIX Escape HTML in DropdownField and ListboxField

Fixes reflected XSS in Group titles when using
in group selections (e.g. in "New Member" form).
commit f8bbc0a7265ca8da74bd1ffd073180a887dfbdeb 1 parent 604ede3
@chillu chillu authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  templates/forms/DropdownField.ss
2  templates/forms/DropdownField.ss
@@ -1,5 +1,5 @@
<select $AttributesHTML>
<% loop Options %>
- <option value="$Value"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title</option>
+ <option value="$Value.XML"<% if Selected %> selected="selected"<% end_if %><% if Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option>
<% end_loop %>
</select>
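Review bot: The commit title names ListboxField as well as DropdownField, but the only change shown is the `<option>` line in templates/forms/DropdownField.ss (1 addition, 1 deletion). If ListboxField renders through its own template, that template needs the same `.XML` casts on `$Value` and `$Title`; if it reuses this one, the commit message should say so, so a reader can confirm both fields are covered. The commit also carries no test: a case that renders an option whose title contains markup and asserts the escaped output would keep this from regressing.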