Escape configuration values properly
dvesh3 committed Jan 25, 2022
1 parent e6ff28d commit 6a85b7e
Showing 3 changed files with 6 additions and 2 deletions.
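--- a/src/Controller/ConfigController.php
+++ b/src/Controller/ConfigController.php
@@ -93,7 +93,7 @@ public function listAction(Request $request): JsonResponse
 if (empty($groups[$item->getGroup()])) {
 $groups[$item->getGroup()] = [
 'id' => 'group_' . $item->getName(),
-'text' => $item->getGroup(),
+'text' => htmlspecialchars($item->getGroup()),
 'expandable' => true,
 'leaf' => false,
 'allowChildren' => true,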
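Review bot: The new `htmlspecialchars($item->getGroup())` call relies on the default flags, which include `ENT_QUOTES` only from PHP 8.1 on, so on older runtimes a single quote in a group name passes through unescaped; `'text' => htmlspecialchars($item->getGroup(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` makes the behaviour the same everywhere. The neighbouring `'id' => 'group_' . $item->getName()` is still built from a raw configuration value, and the entries for the individual configurations are assembled outside this hunk, so it is worth checking whether those values reach the tree as HTML as well. Because the text is now encoded inside the JSON response, any client code that also encodes node text would display double-encoded names.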
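--- a/src/Resources/public/js/configuration/graphql/configItem.js
+++ b/src/Resources/public/js/configuration/graphql/configItem.js
@@ -34,6 +34,9 @@ pimcore.plugin.datahub.configuration.graphql.configItem = Class.create(pimcore.e
 componentCls: 'plugin_pimcore_datahub_statusbar',
 itemId: 'footer'
 },
+defaults: {
+renderer: Ext.util.Format.htmlEncode
+},
 });
 
 //create sub panels after main panel is generated - to be able to reference it in sub panels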
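Review bot: The `defaults` block added before `});` may not encode anything: in Ext JS a container's `defaults` are copied only onto its direct child items, and `renderer` is a config read by grid columns and display fields rather than by panels. The constructor call this object belongs to starts above the hunk, so the container type is inferred, but if its children are the sub panels mentioned in the comment below, grids nested inside them never see this renderer. Setting `renderer: Ext.util.Format.htmlEncode` on each column that shows a configuration value, as the workspace grid change in this commit does, would make the encoding explicit.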
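--- a/src/Resources/public/js/workspace/abstract.js
+++ b/src/Resources/public/js/workspace/abstract.js
@@ -30,7 +30,8 @@ pimcore.plugin.datahub.workspace.abstract = Class.create({
 var typesColumns = [
 {text: t("path"), flex: 1, sortable: false, dataIndex: 'cpath',
 editor: new Ext.form.TextField({}),
-tdCls: "pimcore_property_droptarget"
+tdCls: "pimcore_property_droptarget",
+renderer: Ext.util.Format.htmlEncode
 }
 ];
 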
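Review bot: The `renderer: Ext.util.Format.htmlEncode` added to the `cpath` column covers only this one column and only its display; the array is closed right after it, so any columns appended to `typesColumns` later in the function (outside the hunk) still need their own renderer if they show user-supplied text. The stored `cpath` value stays raw, which is right for saving, but every other place that writes it into markup has to encode it too. A short comment such as `// cpath is user-controlled and the grid cell is written as HTML, so encode on render` would keep the renderer from being dropped in a later cleanup.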
