Skip to content

Commit

Permalink
[SECURITY] Prevent XSS in EXT:form error message output
Browse files Browse the repository at this point in the history 
Resolves: #88629
Releases: master, 9.5, 8.7
Security-Commit: e179b6dd34bb47f2af28c58c19a14f46ae8f9f52
Security-Bulletin: TYPO3-CORE-SA-2019-021
Change-Id: Ifd513f543f9be44285322136f89992c00be0fbcd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62709
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
  • Loading branch information
@NeoBlack @ohader
NeoBlack authored and ohader committed Dec 17, 2019
1 parent d075cde commit e971b01
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion typo3/sysext/form/Resources/Private/Frontend/Partials/Field/Field.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
<f:if condition="{validationResults.flattenedErrors}">
<span class="error help-block" role="alert">
<f:for each="{validationResults.errors}" as="error">
{formvh:translateElementError(element: element, error: error)}
<f:format.htmlspecialchars>{formvh:translateElementError(element: element, error: error)}</f:format.htmlspecialchars>
<br />
</f:for>
</span>
Expand Down

0 comments on commit e971b01

Please # to comment.