Skip to content
Permalink
Browse files Browse the repository at this point in the history
XWIKI-20354: Attachment selector properties are missing escaping
  * Avoid breaking html with macro properties values
  • Loading branch information
surli committed Dec 12, 2022
1 parent 446ece6 commit 5e8725b
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -1651,7 +1651,7 @@ $xwiki.ssx.use($xcontext.macro.doc.fullName)##
#elseif ($xcontext.action == 'inline' || $xcontext.action == 'edit')
(% class="attachment-picker" %)(((##
#attachmentPicker_displayAttachment($propValue $displayImage false true) #attachmentPicker_displayButton()##
{{html}}<input type="hidden" name="${classname}_${object}_${property}" value="${propValue}" class="property-reference"/>{{/html}}##
{{html}}<input type="hidden" name="$escapetool.xml("${classname}_${object}_${property}")" value="$escapetool.xml("${propValue}")" class="property-reference"/>{{/html}}##
)))
#else
#attachmentPicker_displayAttachment($propValue $displayImage $link false)
Expand Down

0 comments on commit 5e8725b

Please sign in to comment.