path: root/application/controllers/api/v2
author Florian Pritz <bluewind@xinu.at> 2016-06-17 00:12:43 +0200
committer Florian Pritz <bluewind@xinu.at> 2016-07-04 07:58:15 +0200
commit 21b263a88550d1da199a13d215ea1477d603b75a
tree 862efb7ac1bca22c9c9b941ed1eef172ebc232a2 /application/controllers/api/v2
parent aca5b6c6362c415df501f76ef170794e77522242
Harden XSS escaping
This could lead to XSS if the html attribute values weren't quoted with double quotes. By default htmlentities only encodes double quotes and not single quotes. If the quotes are ever changed this could lead to exploitable XSS.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers/api/v2')
0 files changed, 0 insertions, 0 deletions
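
The quoting behaviour the commit message describes, as an added example (not code from this commit or from the project): it escapes one constructed value with `ENT_COMPAT`, which was PHP's default flag set before 8.1, and with `ENT_QUOTES`, then checks whether the attribute delimiter can still appear unescaped. The helper names `render_attr` and `delimiter_survives` are hypothetical.

```php
<?php
// Constructed sample value containing both quote characters and markup.
$value = "it's a \"quoted\" <b>value</b>";

// Hypothetical helper: escape $value and wrap it in an attribute using $quote.
function render_attr(string $value, int $flags, string $quote): string
{
    $escaped = htmlentities($value, $flags, 'UTF-8');
    return '<input value=' . $quote . $escaped . $quote . '>';
}

// Hypothetical helper: true when the raw delimiter is still present after
// escaping, i.e. the value could end the attribute early.
function delimiter_survives(string $value, int $flags, string $quote): bool
{
    return strpos(htmlentities($value, $flags, 'UTF-8'), $quote) !== false;
}

// Flags are passed explicitly so the result does not depend on the PHP version.
$cases = [
    ['ENT_COMPAT', ENT_COMPAT, '"'],  // double-quoted attribute, old default
    ['ENT_COMPAT', ENT_COMPAT, "'"],  // single-quoted attribute, old default
    ['ENT_QUOTES', ENT_QUOTES, '"'],  // double-quoted attribute, hardened
    ['ENT_QUOTES', ENT_QUOTES, "'"],  // single-quoted attribute, hardened
];

foreach ($cases as [$name, $flags, $quote]) {
    printf(
        "%-10s delimiter=%s breakout_possible=%-3s %s\n",
        $name,
        $quote,
        delimiter_survives($value, $flags, $quote) ? 'yes' : 'no',
        render_attr($value, $flags, $quote)
    );
}
```

Only the `ENT_COMPAT` case with a single-quoted attribute reports `breakout_possible=yes`, which is the situation the commit message warns about if the template quoting is ever changed.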