Merge pull request #759 from noobpk/noobpk-fix-xss

Add `htmlspecialchars` function for nameTag
krayin · Nov 29, 2021 · 093e62a · 093e62a
2 parents 003545e + d0fd404
commit 093e62a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php b/packages/Webkul/Admin/src/DataGrids/Setting/TagDataGrid.php
@@ -91,7 +91,7 @@ public function addColumns()
                 $html = '<span style="background: ' . ($row->color ?? '#546E7A') . ';width: 15px;height: 15px;margin-top: 3px;border-radius: 50%;float: left;margin-right: 10px;box-shadow: 0px 4px 15.36px 0.75px rgb(0 0 0 / 10%), 0px 2px 6px 0px rgb(0 0 0 / 15%);"></span>';
 
 
-                return $html . $row->name;
+                return $html . htmlspecialchars($row->name);
             },
         ]);