Comment 11 for bug 1944633

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12193
Committed: https://git.mahara.org/mahara/mahara/commit/69097de77312844b2b48ac6846a249955ad18587
Submitter: Robert Lyon (<email address hidden>)
Branch: 20.04_STABLE

commit 69097de77312844b2b48ac6846a249955ad18587
Author: Robert Lyon <email address hidden>
Date: Thu Sep 23 14:22:30 2021 +1200

Security bug 1944633: Select2 dealing with bad characters

If we have something like <script>alert(document.domain)</script>
being put into a select2 field then selected, e.g. tags for a page, then
we need to escape the input so that the code isn't executed.

Change-Id: I64b8dbd3d6071e27584d8c5199b2eb35c803c9de
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 8f8fd43ed08e6c8ef614668ce84c269605ba3ca6)
(cherry picked from commit 756e4ccc7f56be3cf786e84506952987883696f9)