This repository has been archived on 2023-03-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
osr-discourse-src/app/assets/javascripts/select-kit/addon/templates
David Taylor 0f7b198ca0 FIX: Ensure values are escaped in select-kit dropdowns (#16576)
The values in Discourse dropdown menus only come from admin-defined strings, not unsanitised end-user input, so this lack of escaping was not exploitable.
2022-04-28 08:52:29 +01:00
..