[interchange] Fix XSS in error tag display of failed submissions

Josh Lavin interchange-cvs at icdevgroup.org
Thu Jul 25 16:26:54 UTC 2013


commit bea662dbb16afad9c683774f10c0046abc1735f9
Author: Josh Lavin <josh at perusion.com>
Date:   Thu Jul 25 09:26:22 2013 -0700

    Fix XSS in error tag display of failed submissions

 code/SystemTag/error.coretag |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/code/SystemTag/error.coretag b/code/SystemTag/error.coretag
index 0cae2b3..e88dc1d 100644
--- a/code/SystemTag/error.coretag
+++ b/code/SystemTag/error.coretag
@@ -43,6 +43,9 @@ sub tag_error {
 		}
 		return set_error($error, $var, $opt);
 	}
+	unless(defined $opt->{filter}) {
+		$opt->{filter} = 'encode_entities';
+	}
 	my $err_ref = $Vend::Session->{errors};
 	my $text;
 	my @errors;
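Review bot: The added `unless(defined $opt->{filter})` default applies only when the caller passes no filter at all, so a template that already sets `filter` (including an empty `filter=""`, which is still defined) skips `encode_entities` and would presumably emit the error text unencoded. How `$opt->{filter}` is consumed lies outside this hunk, because tag_error continues past it, so this should be confirmed against the rest of the function. If an explicit filter is meant to be the opt-out, document that above the block, e.g. `# Default to entity-encoding error text; an explicit filter (even an empty one) replaces this, so callers that set one must encode the output themselves.` If it is not, treat an empty value like a missing one with `unless (defined $opt->{filter} and length $opt->{filter}) {`.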


