Comment 12 for bug 1944633

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12192
Committed: https://git.mahara.org/mahara/mahara/commit/d32f9c74d1a799c89632ae789e2da75b09adb32f
Submitter: Robert Lyon (<email address hidden>)
Branch: 20.10_STABLE

commit d32f9c74d1a799c89632ae789e2da75b09adb32f
Author: Robert Lyon <email address hidden>
Date: Thu Sep 23 14:22:30 2021 +1200

Security bug 1944633: Select2 dealing with bad characters

If we have something like <script>alert(document.domain)</script>
being put into a select2 field then selected, eg tags for a page, then
we need to escape the input so that the code isn't executed.

Change-Id: I64b8dbd3d6071e27584d8c5199b2eb35c803c9de
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 8f8fd43ed08e6c8ef614668ce84c269605ba3ca6)
(cherry picked from commit 756e4ccc7f56be3cf786e84506952987883696f9)
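
The escaping the commit message describes, shown as an added example that is not Mahara's code or the content of this commit: tag text typed into a Select2 field is HTML-escaped before it is placed into the markup of the selected item. The helper names, the `tag` CSS class and the option values are assumptions made for illustration; `tags`, `createTag`, `templateSelection` and `escapeMarkup` are standard Select2 4.x options.

```javascript
// Added example (not Mahara's code). All helper names are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '/': '&#47;', '`': '&#96;'
};

// Replace every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value == null ? '' : value)
    .replace(/[&<>"'\/`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the tag text is concatenated into markup as typed, so a tag named
// <script>alert(document.domain)</script> becomes live markup once selected.
function renderSelectionUnsafe(item) {
  return '<span class="tag">' + item.text + '</span>';
}

// After: the tag text is escaped, so it is displayed as text and never parsed.
function renderSelectionSafe(item) {
  return '<span class="tag">' + escapeHtml(item.text) + '</span>';
}

// Options object that could be passed to $(selector).select2(...).
const safeSelect2Options = {
  tags: true,
  // Keep the raw term as the stored value; escaping is applied at render
  // time only, so the saved tag is not double-encoded on later display.
  createTag(params) {
    const term = (params.term || '').trim();
    if (term === '') {
      return null; // Select2 skips tag creation when null is returned
    }
    return { id: term, text: term };
  },
  templateSelection: renderSelectionSafe,
  // The template above already escapes its data and returns markup, so the
  // markup is passed through unchanged here to avoid escaping the <span>.
  escapeMarkup: (markup) => markup
};

// Constructed sample input: the payload quoted in the commit message.
const sampleTag = safeSelect2Options.createTag({
  term: '<script>alert(document.domain)</script>'
});
console.log(renderSelectionSafe(sampleTag));
```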