[SECURITY] Prevent XSS in IRRE elements 66/49066/2
authorNicole Cordes <typo3@cordes.co>
Tue, 19 Jul 2016 10:16:00 +0000 (12:16 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 19 Jul 2016 10:16:03 +0000 (12:16 +0200)
commita333ce3b2803d5a155a315bff10a462d07ae72d1
treec90552d7eebd186750b79433434b99440f03ca65
parent162673231dd56eb1a7adc6eaf85ea1044d5c1dd0
[SECURITY] Prevent XSS in IRRE elements

This patch changes a JavaScript function to use text() instead of html()
to prevent JavaScript execution.

Resolves: #76922
Releases: master, 7.6, 6.2
Security-Commit: d7a59c7dfeb86948f229b6530bdf283178e9ca06
Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018
Change-Id: I6ac713596831ccbb69dc2930357dbdf4603b8baa
Reviewed-on: https://review.typo3.org/49066
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js