Sep 14, 2016
      Fix lack of escaping (and so XSS vuln.) in select2 calls · 5e25e476
      Jon Warbrick authored
      The invocation of jQuery select2 to provide searchable dropdowns
      didn't sanitise data coming from lookup, with the result that any
      HTML markup it contained, including <script>...</script>, was
      interpreted.
      
      The documentation is difficult to follow, but indications are that the
      formatter functions (at least formatResult and formatSelection), if
      overridden, have to do their own escaping of data as necessary. They are
      however passed the current global 'escapeMarkup' function as their
      final parameter.
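The formatter pattern the commit message describes, as an added JavaScript example that is not part of the commit or of select2 itself: it assumes the select2 3.x formatResult signature `(result, container, query, escapeMarkup)`, and the `escapeMarkupStandIn` function, the `{id, text}` record shape and the sample record are constructed stand-ins for what select2 and the lookup would supply.

```javascript
// Added example, not code from the commit or from select2. The formatter
// signature follows select2 3.x; escapeMarkupStandIn imitates the global
// escapeMarkup function that select2 passes as the final parameter.
function escapeMarkupStandIn(markup) {
  // Neutralise every character the browser would interpret as HTML.
  var replacements = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '/': '&#47;'
  };
  return String(markup).replace(/[&<>"'\/]/g, function (ch) {
    return replacements[ch];
  });
}

// The pattern the commit describes as vulnerable: an overridden formatter
// that drops lookup data straight into the markup it returns, so any tags
// in the record are interpreted by the browser.
function formatResultUnsafe(result, container, query, escapeMarkup) {
  return '<span class="ident">' + result.id + '</span> ' + result.text;
}

// Fixed pattern: run every piece of lookup data through the escapeMarkup
// function select2 hands to the formatter as its last argument.
function formatResultSafe(result, container, query, escapeMarkup) {
  return '<span class="ident">' + escapeMarkup(result.id) + '</span> ' +
         escapeMarkup(result.text);
}

// Constructed lookup record (assumed {id, text} shape) whose display name
// carries markup, as an unvalidated directory entry might.
var constructedRecord = {
  id: 'abc123',
  text: 'A. Person <script>x</script>'
};

// Render the same record through both formatters for comparison.
function demo() {
  return {
    unsafe: formatResultUnsafe(constructedRecord, null, '', escapeMarkupStandIn),
    safe: formatResultSafe(constructedRecord, null, '', escapeMarkupStandIn)
  };
}
```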