Commit e130ee11 authored by Maurits van Rees

Fixed reflective XSS in findResult.

This applies PloneHotfix20170117.
parent 4223f551
...@@ -8,6 +8,8 @@ http://docs.zope.org/zope2/ ...@@ -8,6 +8,8 @@ http://docs.zope.org/zope2/
2.13.26 (unreleased) 2.13.26 (unreleased)
-------------------- --------------------
- Fixed reflective XSS in findResult.
This applies PloneHotfix20170117. [maurits]
2.13.25 (2017-01-13) 2.13.25 (2017-01-13)
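Review bot: The new 2.13.26 changelog entry names findResult but not the input that was affected. Consider stating that the obj_ids value echoed back into the search form is now HTML-quoted, so that readers comparing this release against PloneHotfix20170117 can tell which field the entry refers to.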
......
...@@ -128,7 +128,7 @@ your search terms below. ...@@ -128,7 +128,7 @@ your search terms below.
</div> </div>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="obj_ids:tokens" SIZE="30" VALUE="<dtml-var "' '.join(obj_ids or [])">"> <INPUT TYPE="TEXT" NAME="obj_ids:tokens" SIZE="30" VALUE="<dtml-var "' '.join(obj_ids or [])" html_quote>">
</TD> </TD>
</TR> </TR>
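Review bot: On the obj_ids:tokens INPUT line, html_quote is added to this one dtml-var only, and the commit as shown carries no test for it. html_quote is the right modifier here because the joined value lands inside a double-quoted VALUE attribute, but any other request-derived value that this form echoes back, outside the lines shown, should be checked for the same missing modifier. A test that renders the form with an obj_ids value containing a double quote and angle brackets, and asserts that the output is escaped, would keep this from regressing.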
......