[SECURITY] Encode URL for use in JavaScript 70/30270/2
authorMarkus Klein <klein.t3@mfc-linz.at>
Thu, 22 May 2014 07:31:08 +0000 (09:31 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:31:12 +0000 (09:31 +0200)
commit4f7258cf6cd1e18db538671b5e1e531ceee244fe
tree537b4e5cc50307f3a41663ba851ebe23371ec591
parent742ad4926a3222d069e17e4675cdf2f6e123d25d
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: If3600662e79fb0945ca62b3a25feaf001180b88d
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8a9c1615f82cf0a8c3449ae37f47338da132e505
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30270
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/alt_doc.php