Fixed potential XSS injection vectors in datatables columns

2025-07-21 03:14:52 +02:00 · 2023-02-26 01:23:36 +01:00 · 2023-02-26 01:23:36 +01:00 · 83cd91f1d1
commit 83cd91f1d1
parent 5f39d8e594
6 changed files with 10 additions and 10 deletions
--- a/src/DataTables/Column/EntityColumn.php
+++ b/src/DataTables/Column/EntityColumn.php
@ -79,7 +79,7 @@ class EntityColumn extends AbstractColumn
                        return sprintf(
                            '<a href="%s">%s</a>',
                            $this->urlGenerator->listPartsURL($entity),
-                            $entity->getName()
+                            htmlspecialchars($entity->getName())
                        );
                    }

--- a/src/DataTables/Column/SIUnitNumberColumn.php
+++ b/src/DataTables/Column/SIUnitNumberColumn.php
@ -50,6 +50,6 @@ class SIUnitNumberColumn extends AbstractColumn
            return '';
        }

-        return $this->formatter->format((float) $value, $this->options['unit'], $this->options['precision']);
+        return htmlspecialchars($this->formatter->format((float) $value, $this->options['unit'], $this->options['precision']));
    }
 }