
HTML entities need to be escaped in views/admin.php

Open SimonGreenhill opened this issue 14 years ago • 0 comments

The HTML entities in the user input in views/admin.php need to be escaped. If they're not, then we run the risk of the page breaking if the user enters something like

    .. in one of the input boxes. The worst case scenario is a potential XSS attack.

SimonGreenhill, Nov 29 '11 00:11
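The fix the issue asks for, as an added example that is not code from the plugin or from the issue author: a saved value echoed into an input's `value` attribute, first unescaped and then passed through WordPress's `esc_attr()`. The function names `render_field_unescaped` and `render_field_escaped`, the field name `github_repo` and the sample value are hypothetical, and the `esc_attr()` stand-in exists only so the script runs outside WordPress.

```php
<?php
// Added example; field and function names are hypothetical, not from the plugin.

// Stand-in so the script runs outside WordPress. Inside WordPress, esc_attr()
// is provided by core and this definition is skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Before: the saved value is concatenated straight into the value attribute.
function render_field_unescaped($name, $value) {
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// After: escape at output time, for the context the value lands in
// (an HTML attribute here, so esc_attr rather than esc_html).
function render_field_escaped($name, $value) {
    return '<input type="text" name="' . esc_attr($name)
         . '" value="' . esc_attr($value) . '" />';
}

// Constructed sample input: a double quote and angle brackets are enough
// to end the attribute early and break the markup.
$saved = 'my "main" repo <test>';

echo render_field_unescaped('github_repo', $saved), "\n";
echo render_field_escaped('github_repo', $saved), "\n";

// Check: parse each rendering and compare the value the browser would see
// with what the user actually saved.
foreach (['render_field_unescaped', 'render_field_escaped'] as $fn) {
    $doc = new DOMDocument();
    @$doc->loadHTML($fn('github_repo', $saved)); // @ silences parser warnings on the broken markup
    $input = $doc->getElementsByTagName('input')->item(0);
    printf("%-24s value round-trips: %s\n", $fn,
        $input->getAttribute('value') === $saved ? 'yes' : 'no');
}
```

The round-trip check doubles as a regression test for the view: any field whose parsed `value` differs from the stored option is still being written without escaping.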