Commit 0a88db50d6a6c9c1917c4e7a6e67a467d2b5f84b

Authored by conradverm
1 parent dda53eea

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6924 c91229c3-7414-0410-bfa2-8a42b809f60b
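--- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
@@ -9,13 +9,13 @@
 {/if}
 {if $feedlist}
 {section name=feed loop=$feedlist}
- <option value='{$feedlist[feed].url}'>{$feedlist[feed].title}</option>
+ <option value='{$feedlist[feed].url}'>{$feedlist[feed].title|sanitize}</option>
 {/section}
 {/if}
 </select>
 {if ($action.url)}<a href="{$action.url}"
-{if $action.description}title="{$action.description}"{/if}
- >{$action.name}</a>{else}{$action.name}{/if}
+{if $action.description}title="{$action.description|sanitize}"{/if}
+ >{$action.name}</a>{else}{$action.name|sanitize}{/if}
 </form>
 {/if}
 </div>
@@ -26,7 +26,7 @@
 <table width='90%'>
 {section name=i start=0 loop=$itemcount}
 <tr>
- <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title}</a><strong></td>
+ <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title|sanitize}</a><strong></td>
 </tr>
 <tr>
 <td>{$internalrss.items[i].description}</td>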
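Review bot: The escaping is applied unevenly on the new side: at new line 18 the linked branch still prints `{$action.name}` raw while only the `{else}` branch gets `|sanitize`, so the same value is escaped or not depending on whether `$action.url` is set; that line should read `>{$action.name|sanitize}</a>{else}{$action.name|sanitize}{/if}`. The attribute values `value='{$feedlist[feed].url}'`, `href="{$action.url}"` and `href='{$internalrss.items[i].link}'`, and the item body `{$internalrss.items[i].description}` at line 32, are also still emitted unmodified, and feed titles, links and descriptions presumably come from feed content the application does not control. The `sanitize` modifier is defined outside this diff, so confirm it encodes both quote characters before relying on it inside the single-quoted attributes; URLs placed in `href` additionally need a scheme allow-list, because HTML escaping alone does not stop a `javascript:` link. If the description is meant to carry markup, it needs an HTML allow-list filter rather than being printed as is.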