Escape html specialchars in title tags #536
This is related to an XSS error found during FLOSSHack. HTML tags could
be inserted into the page title tag.
rjmackay committed Jul 2, 2012
1 parent 3f14fa0 commit 00eae4f
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion application/views/admin/layout.php
Expand Up @@ -17,7 +17,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title><?php echo $site_name ?></title>
<title><?php echo html::specialchars($site_name) ?></title>
<?php
echo html::stylesheet(url::file_loc('css').'media/css/admin/all', '', TRUE);
echo html::stylesheet(url::file_loc('css').'media/css/jquery-ui-themeroller', '', TRUE);
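Review bot: `$site_name` is escaped only at the `<title>` echo in this hunk, so any other place the admin layout prints the same variable outside the visible context would still emit it raw. It is worth searching this view for further `echo $site_name` uses and wrapping each in `html::specialchars()` as well. Minor style point: the changed line ends with `html::specialchars($site_name) ?>` without a semicolon, while the matching line in themes/default/views/header.php uses one; pick one form for both.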
2 changes: 1 addition & 1 deletion themes/default/views/header.php
@@ -1,7 +1,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title><?php echo $page_title.$site_name; ?></title>
<title><?php echo html::specialchars($page_title.$site_name); ?></title>
<?php if (!Kohana::config('settings.enable_timeline')) { ?>
<style>
#graph{display:none;}
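Review bot: Escaping the concatenation in `html::specialchars($page_title.$site_name)` assumes both values reach the view unescaped; if any controller already entity-encodes `$page_title`, the rendered title will show doubled entities. Please confirm that callers pass raw strings. Since the commit changes only the two view lines (2 additions, 2 deletions), consider adding a test that renders this header with markup characters in the title and checks that the output inside `<title>` is entity-encoded, so the fix cannot regress silently.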
