Commit 9710ead5 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
Browse files

Escape the value of the input box.

parent df9113cd
......@@ -32,7 +32,7 @@ defined('INTERNAL') || die();
function form_render_text($element, $form) {
return '<input type="text"'
. Form::element_attributes($element)
. ' value="' . $form->get_value($element) . '">';
. ' value="' . hsc($form->get_value($element)) . '">';
}
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment