Security bug 1944633: Select2 dealing with bad characters
If we have something like <script>alert(document.domain)</script>
being put into a select2 field then selected, eg tags for a page, then
we need to escape the input so that the code isn't executed.
Change-Id: I64b8dbd3d6071e27584d8c5199b2eb35c803c9de
Signed-off-by: Robert Lyon <email address hidden>
Reviewed: https:/ /reviews. mahara. org/12125 /git.mahara. org/mahara/ mahara/ commit/ 8f8fd43ed08e6c8 ef614668ce84c26 9605ba3ca6
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: main
commit 8f8fd43ed08e6c8 ef614668ce84c26 9605ba3ca6
Author: Robert Lyon <email address hidden>
Date: Thu Sep 23 14:22:30 2021 +1200
Security bug 1944633: Select2 dealing with bad characters
If we have something like <script> alert(document. domain) </script>
being put into a select2 field then selected, eg tags for a page, then
we need to escape the input so that the code isn't executed.
Change-Id: I64b8dbd3d6071e 27584d8c5199b2e b35c803c9de
Signed-off-by: Robert Lyon <email address hidden>