Properly escape user provided data in trans with data to prevent possible XSS attack vectors.

Jan Böhmer 2023-02-26 00:41:08 +01:00
parent 5b7f44f4ea
commit 6ff60e556e
3 changed files with 4 additions and 4 deletions


@ -37,7 +37,7 @@
<fieldset>
<legend>
{% if entity.ID %}
<strong>{% block edit_title %}{% trans with {'%name': entity.name} %}edit.caption{% endtrans %}{% endblock %}</strong>
<strong>{% block edit_title %}{% trans with {'%name': entity.name|escape } %}edit.caption{% endtrans %}{% endblock %}</strong>
{% if timeTravel is defined and timeTravel is not null %}
({{ timeTravel|format_datetime('short') }})
{% endif %}
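Review bot: The new `edit_title` line carries an explicit `|escape` with nothing to say why, and a later cleanup could drop it as apparent double-escaping. Output of the `{% trans %}` tag is not covered by Twig's autoescaping the way `{{ ... }}` output is, so I would add a comment directly above it, for example `{# trans tag output is not auto-escaped: escape every user-controlled placeholder value #}`. Because `edit_title` is a block, any child template that overrides it with its own `trans with {'%name': ...}` needs the same filter. Only this one hunk is visible here, so it is worth confirming that the other two changed files cover all such overrides. The default `escape` strategy is HTML, which fits this `<strong>` text context but would not be enough if the same pattern were reused inside an attribute or script. The surrounding `{% if entity.ID %}` and `<fieldset>` continue outside the hunk.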