Commit 6e40f1cf authored by Thomas Citharel

Merge branch 'fix-graph-xss' into 'v1.1.x'

Fix an XSS in the result graph

See merge request framasoft/framadate/framadate!493
parents e0028dc8 02229c67
......@@ -73,6 +73,10 @@ function smarty_modifier_addslashes_single_quote($string) {
return addcslashes($string, '\\\'');
}
function smarty_modifier_addslashes($string) {
return addslashes($string);
}
function smarty_modifier_html($html) {
return Utils::htmlEscape($html);
}
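Review bot: smarty_modifier_addslashes() returns plain addslashes($string), which escapes only single quotes, double quotes, backslashes and NUL, so it is not a complete escaper for a JavaScript string literal: line breaks and a literal </script> in the value pass through unchanged. If this modifier is meant for values emitted inside script blocks, consider returning json_encode($string, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) and letting the template drop its own surrounding quotes. A short docblock stating which output context the modifier is safe for would also help, since the name reads like a general-purpose escaper.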
......
......@@ -282,7 +282,7 @@
});
var cols = [
{foreach $slots as $id=>$slot}
$('<div/>').html('{$slot->title|markdown:true}').text(),
"{$slot->title|markdown:true|addslashes}",
{/foreach}
];
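Review bot: In the cols entry, the line "{$slot->title|markdown:true|addslashes}" relies on addslashes alone to keep the slot title inside a double-quoted JavaScript string, and it no longer decodes HTML entities the way the .html(...).text() version did. Two things are worth confirming before merge: that the output of markdown:true cannot contain a newline or a </script> sequence, both of which addslashes leaves untouched, and that titles containing characters such as & still show correctly in the graph labels if markdown:true emits entities. A regression test with a slot title containing quotes and markup would pin the fix down.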
......