[SECURITY] Encode URL for use in JavaScript 94/30294/2
authorJigal van Hemert <jigal.van.hemert@typo3.org>
Thu, 22 May 2014 07:33:03 +0000 (09:33 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:33:07 +0000 (09:33 +0200)
commit54e46912ec13a194352c9f366182956a501f4f90
treee670b6c03e4041b8ade7720d57599220e313eed6
parentb6826ff0b0ba6914768b147e3dcca45af75844a0
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: I849534cd53d333f6e12846a8065ad7e5373b8e63
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 06a582c197dee4add0979f956f932ea03e2b3022
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30294
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/EditDocumentController.php