Hardened against potential XSS injection in table columns

Jan Böhmer 2026-06-14 12:08:25 +02:00
parent c9dd27712c
commit 11b41ee66a
2 changed files with 4 additions and 4 deletions


@ -78,7 +78,7 @@ class EntityColumn extends AbstractColumn
);
}
return sprintf('<i>%s</i>', $value);
return sprintf('<i>%s</i>', htmlspecialchars($value));
}
return '';
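Review bot: `htmlspecialchars($value)` on the `<i>%s</i>` line is called without the null guard that the IconLinkColumn change in this same commit uses (`?? ''`). If `$value` can be null or a non-string at this point, PHP 8.1+ emits a deprecation notice, or a TypeError when strict types are enabled. Consider `return sprintf('<i>%s</i>', htmlspecialchars((string) $value));`. The `sprintf(...)` call that closes just above this line starts outside the hunk, so it cannot be confirmed from here that the values it interpolates are escaped too; it is the other output path of the same column and is worth checking.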


@ -87,9 +87,9 @@ class IconLinkColumn extends AbstractColumn
return sprintf(
'<a class="btn btn-primary btn-sm %s" href="%s" title="%s"><i class="%s"></i></a>',
$disabled ? 'disabled' : '',
$href,
$title,
$icon
htmlspecialchars($href),
htmlspecialchars($title ?? ''),
htmlspecialchars($icon ?? '')
);
}
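Review bot: Escaping `$href` with htmlspecialchars() stops a value from breaking out of the `href="%s"` attribute, but it does not restrict the URL scheme, so a `javascript:` or `data:` value would still render as a working link. Where `$href` is produced is not visible in this hunk; if it can hold anything other than router-generated paths, check it against an allowlist of schemes at that point, and record the contract here with a comment such as `// htmlspecialchars() only prevents attribute breakout; $href must be a router-generated or http(s) URL`. `$href` is also the only one of the three escaped arguments without `?? ''`, so a null there would trigger the PHP 8.1 deprecation for passing null to htmlspecialchars(). The enclosing method starts outside the hunk.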