Fix XSS vulnerability in attributes (#3965)

2026-03-08 00:59:04 -05:00 · 2026-03-03 22:28:32 +01:00
parent 79427481b3
commit b93359bcaf
1 changed files with 1 additions and 1 deletions
--- a/app/Views/attributes/form.php
+++ b/app/Views/attributes/form.php
@@ -192,7 +192,7 @@
                }
            }

-            $('#definition_list_group').append('<li class="list-group-item">' + value + '<a href="javascript:void(0);"><span class="glyphicon glyphicon-trash pull-right"></span></a></li>')
+            $('#definition_list_group').append('<li class="list-group-item">' + DOMPurify.sanitize(value) + '<a href="javascript:void(0);"><span class="glyphicon glyphicon-trash pull-right"></span></a></li>')
                .find(':last-child a').click(remove_attribute_value);
            $('#definition_value').val('');
        };