Commit 6f9262092d8279f314b61b7365eef6875bdd3207

Authored by Conrad Vermeulen
1 parent fac477e9

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6924 c91229c3-7414-0410-bfa2-8a42b809f60b
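--- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
@@ -9,13 +9,13 @@
 {/if}
 {if $feedlist}
 {section name=feed loop=$feedlist}
- <option value='{$feedlist[feed].url}'>{$feedlist[feed].title}</option>
+ <option value='{$feedlist[feed].url}'>{$feedlist[feed].title|sanitize}</option>
 {/section}
 {/if}
 </select>
 {if ($action.url)}<a href="{$action.url}"
-{if $action.description}title="{$action.description}"{/if}
- >{$action.name}</a>{else}{$action.name}{/if}
+{if $action.description}title="{$action.description|sanitize}"{/if}
+ >{$action.name}</a>{else}{$action.name|sanitize}{/if}
 </form>
 {/if}
 </div>
@@ -26,7 +26,7 @@
 <table width='90%'>
 {section name=i start=0 loop=$itemcount}
 <tr>
- <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title}</a><strong></td>
+ <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title|sanitize}</a><strong></td>
 </tr>
 <tr>
 <td>{$internalrss.items[i].description}</td>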
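Review bot: In the second hunk, `{$internalrss.items[i].description}` (new-side line 32) and `href='{$internalrss.items[i].link}'` (new-side line 29) are still emitted with no modifier, although they appear to come from the same feed items as the title this commit sanitizes. The first hunk has the same gap: the anchor branch still prints `>{$action.name}</a>` raw while the else branch now uses `{$action.name|sanitize}`, and `{$feedlist[feed].url}` and `{$action.url}` go unescaped into attribute values. I would apply the modifier there as well, e.g. `>{$action.name|sanitize}</a>` and `<td>{$internalrss.items[i].description|sanitize}</td>`; if the description is meant to carry markup, it needs an allow-list HTML filter rather than raw output. For the URL attributes, please confirm that `sanitize` escapes both quote characters, since two of them are single-quoted, and that the URL scheme is validated before the value reaches the template. Separately, new-side line 29 ends with `<strong>` where `</strong>` is presumably intended.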