Fixed an XSS vulnerability in the Twig Extension
The 'render_relation_element' filter (in contrast to the other two
filters) does not use a template for rendering, but simply returns the
'__toString()' value of the given object (that's the default behavior).
However, the method was marked as HTML-safe. This leads to the fact
that any string returned by '__toString()' (which often comes from
direct user input) is output without any escaping. This makes the
filter vulnerable to a Stored Cross-Site Scripting attack. The
vulnerability has been fixed in this commit.
Thomas Konrad committed Feb 15, 2013
1 parent 54e161e commit 1fd119d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Twig/Extension/SonataAdminExtension.php
@@ -40,7 +40,7 @@ public function getFilters()
return array(
'render_list_element' => new \Twig_Filter_Method($this, 'renderListElement', array('is_safe' => array('html'))),
'render_view_element' => new \Twig_Filter_Method($this, 'renderViewElement', array('is_safe' => array('html'))),
'render_relation_element' => new \Twig_Filter_Method($this, 'renderRelationElement', array('is_safe' => array('html'))),
'render_relation_element' => new \Twig_Filter_Method($this, 'renderRelationElement'),
);
}
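Review bot: dropping 'is_safe' => array('html') from the 'render_relation_element' registration only restores escaping where the Twig environment has autoescaping enabled and the template prints the filter result directly; any template that wraps the call in |raw or in an {% autoescape false %} block still emits the __toString() value verbatim, so the admin templates should be checked for such uses before this is considered closed. The commit also ships no regression test: rendering an object whose __toString() returns a tag such as `<script>` through `{{ obj|render_relation_element }}` and asserting that the output is entity-encoded would pin the fix. The neighbouring 'render_list_element' and 'render_view_element' filters keep 'is_safe' => array('html'), which matches the commit message's statement that they render through templates, but it is worth confirming that those templates escape the field value themselves, since the flag disables Twig's escaping for their output too.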

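The mechanism described in the commit message, shown as an added, self-contained illustration rather than code from the sonata-admin project: the same filter method is registered once with 'is_safe' => array('html') (the state before this commit) and once without it (the state after), and an object whose __toString() carries a stored payload is rendered through both. It assumes Twig 1.x, the API whose Twig_Filter_Method class appears in the diff; the Tag class, RelationExtension class, template name and payload are hypothetical and constructed for the example.

```php
<?php
// Added example, not sonata-admin code. Demonstrates why marking a filter
// that returns a raw __toString() value as HTML-safe yields stored XSS,
// and that removing 'is_safe' lets Twig's autoescaper encode the output.
// Assumes Twig 1.x installed via Composer (Twig_Filter_Method API).
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical stand-in for a Doctrine entity whose __toString() echoes a
// user-supplied field, which is what the relation filter ends up printing.
class Tag
{
    private $name;

    public function __construct($name)
    {
        $this->name = $name;
    }

    public function __toString()
    {
        return $this->name;
    }
}

// Hypothetical minimal extension. $markSafe switches between the vulnerable
// registration ('is_safe' => array('html')) and the fixed one (no options).
class RelationExtension extends Twig_Extension
{
    private $markSafe;

    public function __construct($markSafe)
    {
        $this->markSafe = $markSafe;
    }

    public function getFilters()
    {
        // 'is_safe' tells Twig the return value is already escaped HTML, so
        // the autoescaper skips it entirely. Omitting it is the fix.
        $options = $this->markSafe ? array('is_safe' => array('html')) : array();

        return array(
            'render_relation_element' => new Twig_Filter_Method($this, 'renderRelationElement', $options),
        );
    }

    // Mirrors the behaviour the commit message describes: no template,
    // just the object's __toString() value.
    public function renderRelationElement($element)
    {
        return (string) $element;
    }

    public function getName()
    {
        return 'relation_extension';
    }
}

// Render a constructed list-cell template with the given registration.
function renderWith($markSafe, $tag)
{
    $loader = new Twig_Loader_Array(array(
        'list.html.twig' => '<td>{{ tag|render_relation_element }}</td>',
    ));
    // Autoescaping must be on for the fix to have any effect.
    $twig = new Twig_Environment($loader, array('autoescape' => 'html'));
    $twig->addExtension(new RelationExtension($markSafe));

    return $twig->render('list.html.twig', array('tag' => $tag));
}

// Constructed stored payload: imagine an attacker saved this as a tag name.
$payload = new Tag('<script>alert(document.cookie)</script>');

echo "With 'is_safe' => array('html') (before the fix):\n";
echo renderWith(true, $payload), "\n\n";

echo "Without 'is_safe' (after the fix):\n";
echo renderWith(false, $payload), "\n";
```

Run it with `php example.php` after `composer require twig/twig:^1.0`. The first render emits the script tag verbatim inside the table cell, which is the stored XSS; the second emits it entity-encoded, because without the safety flag Twig's html escaper is applied to the filter's return value at the point where the template prints it.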
