Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-19 05:38:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential XSS injection vectors in datatables columns

Browse Source
This commit is contained in:
Jan Böhmer
2023-02-26 01:23:36 +01:00
parent 5f39d8e594
commit 83cd91f1d1
6 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/DataTables/Column/SIUnitNumberColumn.php
View File

@@ -50,6 +50,6 @@ class SIUnitNumberColumn extends AbstractColumn
return '';
}
return $this->formatter->format((float) $value, $this->options['unit'], $this->options['precision']);
return htmlspecialchars($this->formatter->format((float) $value, $this->options['unit'], $this->options['precision']));
}
}