Comment 7 for bug 1944633

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12190
Committed: https://git.mahara.org/mahara/mahara/commit/756e4ccc7f56be3cf786e84506952987883696f9
Submitter: Robert Lyon (<email address hidden>)
Branch: 21.10_DEV

commit 756e4ccc7f56be3cf786e84506952987883696f9
Author: Robert Lyon <email address hidden>
Date: Thu Sep 23 14:22:30 2021 +1200

Security bug 1944633: Select2 dealing with bad characters

If we have something like <script>alert(document.domain)</script>
being put into a select2 field then selected, eg tags for a page, then
we need to escape the input so that the code isn't executed.

Change-Id: I64b8dbd3d6071e27584d8c5199b2eb35c803c9de
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 8f8fd43ed08e6c8ef614668ce84c269605ba3ca6)
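
The commit message above describes tag text being rendered unescaped once it is selected in a Select2 field. The following is an added example, not Mahara's code and not taken from the commit: it models the selection template before and after escaping. It assumes a Select2 4.x configuration in which `escapeMarkup` has been overridden to pass markup through; `escapeHtml`, `templateSelectionUnsafe` and `templateSelectionSafe` are hypothetical names.

```javascript
// Added example: models how a Select2 tag label ends up in HTML.
// Not Mahara's code; helper names are hypothetical.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Select2 "createTag" hook: turn what the user typed into an option object.
// The raw term is kept as data; escaping happens at render time.
function createTag(params) {
  const term = String(params.term || '').trim();
  return term === '' ? null : { id: term, text: term };
}

// "Before": the label is concatenated into markup unescaped.
function templateSelectionUnsafe(item) {
  return '<span class="tag">' + item.text + '</span>';
}

// "After": only the user-supplied part is escaped; wrapper markup is kept.
function templateSelectionSafe(item) {
  return '<span class="tag">' + escapeHtml(item.text) + '</span>';
}

// Options as they would be passed to $(element).select2(...).
// Assumption: escapeMarkup is the identity so template markup survives,
// which makes the template responsible for escaping user data.
const select2Options = {
  tags: true,
  createTag: createTag,
  templateSelection: templateSelectionSafe,
  escapeMarkup: (markup) => markup,
};

// Constructed input: the tag text quoted in the commit message.
const tag = createTag({ term: '<script>alert(document.domain)</script>' });
console.log('before:', templateSelectionUnsafe(tag));
console.log('after: ', select2Options.escapeMarkup(select2Options.templateSelection(tag)));
```

If `escapeMarkup` is left at Select2's default, string templates are escaped as a whole, so the template should return the raw label rather than escaping it a second time.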