diff options
| author | Rafael de Camargo <rafacamargo123@gmail.com> | 2019-07-23 01:26:03 -0300 |
|---|---|---|
| committer | Rafael de Camargo <rafacamargo123@gmail.com> | 2019-07-23 01:26:03 -0300 |
| commit | 21a3634fd131a0f1d6128c27ea6c582661a863f0 (patch) | |
| tree | 8d17b0179e7978883e8c70927959cc0c2c5a61b8 /app | |
| parent | 97aa9e47e0386abb307fa482ce79e076e1515e29 (diff) | |
Fix html parsing on markdown editor
Closes #4243
Diffstat (limited to 'app')
| -rw-r--r-- | app/Helper/FormHelper.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/Helper/FormHelper.php b/app/Helper/FormHelper.php index c6948a22..d933b2f6 100644 --- a/app/Helper/FormHelper.php +++ b/app/Helper/FormHelper.php @@ -232,7 +232,7 @@ class FormHelper extends Base } $html = '<div class="js-text-editor" data-params=\''.json_encode($params, JSON_HEX_APOS).'\'>'; - $html .= '<script type="text/template">'.(isset($values[$name]) ? $values[$name] : '').'</script>'; + $html .= '<script type="text/template">'.(isset($values[$name]) ? htmlspecialchars($values[$name], ENT_QUOTES, 'UTF-8', true) : '').'</script>'; $html .= '</div>'; $html .= $this->errorList($errors, $name); |