[SECURITY] Prevent XSS in IRRE elements 79/49079/2
author Nicole Cordes <typo3@cordes.co>
Tue, 19 Jul 2016 10:17:40 +0000 (12:17 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 19 Jul 2016 10:17:45 +0000 (12:17 +0200)
commit 7fc25564e4034c016705da6646ffaf65891453d8
tree ef7be67f7a887f1fa958f443de8513c5cc9b1274
parent bf04086ea2cfec322d329b9e52bf1cc569d3b5d6
[SECURITY] Prevent XSS in IRRE elements

This patch changes a JavaScript function to use text() instead of html()
to prevent JavaScript execution.

Resolves: #76922
Releases: master, 7.6, 6.2
Security-Commit: 252c2cb492ace6c3605772c280f65873f0c18299
Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018
Change-Id: I302b0c58d8c7115b137d7c06e22ac9bdb4d6f738
Reviewed-on: https://review.typo3.org/49079
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js