Comment 5 for bug 1944633

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12125
Committed: https://git.mahara.org/mahara/mahara/commit/8f8fd43ed08e6c8ef614668ce84c269605ba3ca6
Submitter: Robert Lyon (<email address hidden>)
Branch: main

commit 8f8fd43ed08e6c8ef614668ce84c269605ba3ca6
Author: Robert Lyon <email address hidden>
Date: Thu Sep 23 14:22:30 2021 +1200

Security bug 1944633: Select2 dealing with bad characters

If we have something like <script>alert(document.domain)</script>
being put into a select2 field then selected, eg tags for a page, then
we need to escape the input so that the code isn't executed.

Change-Id: I64b8dbd3d6071e27584d8c5199b2eb35c803c9de
Signed-off-by: Robert Lyon <email address hidden>
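
The escaping the commit message describes, as an added example that is not code from the Mahara commit. It assumes the selected tag's label is inserted into the page as an HTML string; the function names and the sample tags are constructed for illustration.

```javascript
'use strict';

// Characters that can open a tag, close an attribute or start an entity.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '/': '&#47;',
};

// Replace each special character with its HTML entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the label is concatenated into markup as-is, so a label that
// contains markup becomes markup when the selection is rendered.
function renderSelectionUnsafe(tag) {
  return '<li class="select2-selection__choice" title="' + tag.text + '">' +
    tag.text + '</li>';
}

// "After": the label is escaped once, at the point it enters the HTML,
// for both the attribute value and the element content.
function renderSelectionSafe(tag) {
  const label = escapeHtml(tag.text);
  return '<li class="select2-selection__choice" title="' + label + '">' +
    label + '</li>';
}

// True if the rendered markup still contains a live script element.
function hasLiveScript(markup) {
  return /<script\b/i.test(markup);
}

// Constructed sample tags; the second is the input from the commit message.
const sampleTags = [
  { id: 't1', text: 'portfolio' },
  { id: 't2', text: '<script>alert(document.domain)</script>' },
  { id: 't3', text: 'R&D "draft"' },
];

for (const tag of sampleTags) {
  const unsafe = renderSelectionUnsafe(tag);
  const safe = renderSelectionSafe(tag);
  console.log(tag.id, 'unsafe live script:', hasLiveScript(unsafe),
    '| safe live script:', hasLiveScript(safe));
  console.log('  ', safe);
}
```

Escaping belongs at render time rather than at storage time, so the stored tag stays the text the user typed and is not escaped twice when displayed elsewhere.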