[SECURITY] Encode URL for use in JavaScript 02/30302/2
authorJigal van Hemert <jigal.van.hemert@typo3.org>
Thu, 22 May 2014 07:33:41 +0000 (09:33 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:33:46 +0000 (09:33 +0200)
commit5ecbf2389336a780c9ba9343844cdb5409b9317a
treeb21e5c2804b4bcd8b37431f51264918ab5964f62
parentd591b1d45e350fe1e467b1ffada91a4252314721
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: I3e55f31c3c857989d71a5ef1a0368b96aa5e2c31
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 4d9cd3e6f589c77b5a366497a33f7eb2099dc749
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30302
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/EditDocumentController.php