Commit aad86b66 authored by Francois Marier

Pieforms: harden custom renderer against potential XSS attacks


Signed-off-by: Francois Marier <francois@catalyst.net.nz>
parent 649764b6
......@@ -62,10 +62,10 @@ function pieform_renderer_maharatable(Pieform $form, $element) {
$result = '';
if (isset($element['labelhtml']) && $element['labelhtml'] !== '') {
$result .= "\t<tr";
$result .= ' id="' . $formname . '_' . $element['name'] . '_header"';
$result .= ' id="' . $formname . '_' . Pieform::hsc($element['name']) . '_header"';
// Set the class of the enclosing <tr> to match that of the element
if ($element['class']) {
$result .= ' class="' . $element['class'] . '"';
$result .= ' class="' . Pieform::hsc($element['class']) . '"';
}
$result .= ">\n\t\t";
......
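Review bot: In the id attribute line, $formname is still concatenated unescaped right next to the newly escaped $element['name']; where it comes from is not visible in this hunk, so either pass it through Pieform::hsc() as well or add a comment stating why it is trusted. Both escaped values land inside double-quoted attributes, so it is worth confirming that Pieform::hsc() encodes double quotes and not only angle brackets. Separately, the context line `if ($element['class'])` reads the key without an isset() check, unlike the labelhtml test at the top of the hunk.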