Skip to content

Commit

Permalink
Merge pull request #79 from forkcms/fix-spoon-form-attributes-xss
Browse files Browse the repository at this point in the history 
Fix xss issue with form attributes
  • Loading branch information
@carakas
carakas authored Feb 18, 2021
2 parents e86d149 + b27d38b commit 8ea8134
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion spoon/form/attributes.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ protected function getAttributesHTML(array $variables)
else
{
$html .= ' ' . $key;
if($value !== null) $html .= '="' . str_replace(array_keys($variables), array_values($variables), $value) . '"';
if($value !== null) $html .= '="' . Spoonfilter::htmlSpecialChars(str_replace(array_keys($variables), array_values($variables), $value)) . '"';
}
}

Expand Down

0 comments on commit 8ea8134

Please sign in to comment.