Hugh Davenport authored
This patch fixes a stored XSS in the TinyMCE editor, which could be reproduced where the editor was present. The input was stored, which meant that any future collaborators could be affected by any malicious payload in the XSS. The patch works by escaping the defaultvalue of the wysiwyg form element, which is the value stored in the database.

CVE 2013-1426

Change-Id: Iecf5f1e520e6499db5a0f78493ce119a352b6a91
Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>
37172529
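
The escaping step the commit message describes can be checked with a regression test like the one below. It is an added example, not code from this commit or project. Python stands in for the project's server-side code, which this page does not show, and the function names, the textarea markup and the stored value are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample of what a collaborator might have saved in the database.
STORED_VALUE = '<p>Notes</p></textarea><script>alert(1)</script>'

def render_unescaped(defaultvalue):
    """Pre-patch behaviour as the commit message describes it: raw stored value."""
    return '<textarea class="wysiwyg" name="body">' + defaultvalue + '</textarea>'

def render_escaped(defaultvalue):
    """Patched behaviour: HTML-escape the stored value before emitting it."""
    return ('<textarea class="wysiwyg" name="body">'
            + html.escape(defaultvalue, quote=True) + '</textarea>')

class _Audit(HTMLParser):
    """Counts <script> elements and collects the text inside the textarea."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = 0
        self.in_textarea = False
        self.textarea_text = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.scripts += 1
        elif tag == 'textarea':
            self.in_textarea = True

    def handle_endtag(self, tag):
        if tag == 'textarea':
            self.in_textarea = False

    def handle_data(self, data):
        if self.in_textarea:
            self.textarea_text.append(data)

def audit(markup):
    """Return (script_element_count, text_the_editor_receives)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.scripts, ''.join(parser.textarea_text)

if __name__ == '__main__':
    print('unescaped:', audit(render_unescaped(STORED_VALUE)))
    print('escaped:  ', audit(render_escaped(STORED_VALUE)))
```

With escaping applied, the page contains no script element and the editor still receives the stored value unchanged, so the fix does not alter legitimate content.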