groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-08 12:09:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

Fixed potential XSS injection vectors in datatables columns

Browse source
This commit is contained in:
Jan Böhmer 2023-02-26 01:23:36 +01:00
parent 5f39d8e594
commit 83cd91f1d1
6 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/DataTables/Column/EntityColumn.php
View file

@ -79,7 +79,7 @@ class EntityColumn extends AbstractColumn
return sprintf(
'<a href="%s">%s</a>',
$this->urlGenerator->listPartsURL($entity),
$entity->getName()
htmlspecialchars($entity->getName())
);
}