-
Hugh Davenport authored
Bug #1063480 CVE-2012-2243 If a user modifies a form in such as way that an error is caused based on their input there is a possible XSS avenue. This was displayed in the user/group CSV uploads, with a malicious script in the header which causes a CSV parsing error and was then passed back to the user verbatim. This patch escapes all error messages in the pieform error output. Change-Id: I136546266115faa92b727317d6539518d73aea55 Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
c3fb9200