Skip to content
Find file Blame History Permalink
  • Jigal van Hemert's avatar
    [SECURITY] Encode URL for use in JavaScript · 5ecbf238
    Jigal van Hemert authored and Oliver Hader's avatar Oliver Hader committed 
    The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: I3e55f31c3c857989d71a5ef1a0368b96aa5e2c31
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 4d9cd3e6f589c77b5a366497a33f7eb2099dc749
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30302
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
    5ecbf238