chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Remove on-attributes when showing an HTML editor in forms

Browse Source 
Refs advisory GHSA-24cc-9jp9-rxx6
pull/6052/head
Angel Fernando Quiroz Campos 8 months ago
parent 7f75d7066d
commit beb07770d6
No known key found for this signature in database
GPG Key ID: B284841AE3E562CD
1 changed files with 9 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      main/inc/lib/formvalidator/Element/HtmlEditor.php

9
main/inc/lib/formvalidator/Element/HtmlEditor.php
Unescape View File

@ -2,6 +2,7 @@
/* For licensing terms, see /license.txt */
use Chamilo\CoreBundle\Component\Editor\CkEditor\CkEditor;
use Chamilo\CoreBundle\Component\HTMLPurifier\Filter\RemoveOnAttributes;
/**
* A html editor field to use with QuickForm.
@ -110,4 +111,12 @@ class HtmlEditor extends HTML_QuickForm_textarea
return $result;
}
/**
* @return string|null
*/
public function getValue(): ?string
{
return RemoveOnAttributes::filter($this->_value);
}
}

Write Preview
Loading…
Cancel
Save