Commit 8aa8b081 authored by Maurits van Rees

Quote variable in manage_tabs to avoid XSS.

From Products.PloneHotfix20160830.
parent 6ddbde03
...@@ -11,6 +11,9 @@ https://zope.readthedocs.io/en/2.13/CHANGES.html ...@@ -11,6 +11,9 @@ https://zope.readthedocs.io/en/2.13/CHANGES.html
Bugs Fixed Bugs Fixed
++++++++++ ++++++++++
- Quote variable in manage_tabs to avoid XSS.
From Products.PloneHotfix20160830. [maurits]
- Remove more HelpSys references. - Remove more HelpSys references.
Features Added Features Added
......
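Review bot: the new changelog entry "Quote variable in manage_tabs to avoid XSS." does not say which variable is affected or that the rendered output changes. The template hunk in this commit shows it is `manage_tabs_message`, so naming it in the entry would help. It would also help to state that the message is now HTML-escaped, so integrators who pass markup in that message know to expect it rendered as literal text after upgrading.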
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
<dtml-if manage_tabs_message> <dtml-if manage_tabs_message>
<div class="system-msg"> <div class="system-msg">
<dtml-var manage_tabs_message newline_to_br> <dtml-var manage_tabs_message newline_to_br html_quote>
(<dtml-var ZopeTime fmt="%Y-%m-%d %H:%M">) (<dtml-var ZopeTime fmt="%Y-%m-%d %H:%M">)
</div> </div>
</dtml-if> </dtml-if>
......
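Review bot: on the changed line `<dtml-var manage_tabs_message newline_to_br html_quote>`, the attributes read as newline_to_br first and html_quote second, and nothing in this commit shows which is applied first at render time. Please confirm that the message text is escaped before the line breaks are inserted, so the `<br>` tags survive while user-supplied markup does not. A test that renders manage_tabs with a message containing both a newline and an HTML tag would pin this down. No test accompanies the template change in the visible hunks.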