[SECURITY] XSS in colorpicker wizard 24/26224/2
authorMarcus Krause <marcus.krause@typo3.org>
Tue, 10 Dec 2013 09:55:10 +0000 (10:55 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:55:14 +0000 (10:55 +0100)
commit226d624a9ec74d87ebf46a7add9d355a3128e645
tree6bc896785b97717f89e2b32fdd141c5890972310
parentfdd3d3f171234741bf66e734bee6a16a8c9388e1
[SECURITY] XSS in colorpicker wizard

Encode user-input in JavaScript context for colorpicker.

Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: b6fec0611604ccdce95d4d33cd7dcae0911a5d9a
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26224
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/Wizard/ColorpickerController.php