Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/htmlform
History
Daimona Eaytoy 449e0ed49d SECURITY: escape section labels in HTMLMultiSelectField 
CVE-2025-3469

Only use HtmlSnippet when the labels are not coming from a message, to
avoid XSS-via-i18n vulnerabilities.

Bug: T358689
Change-Id: If91500bc76b3ed8cdc58da4f9de326df6d201398
2025-04-10 15:56:06 +01:00
..
fields SECURITY: escape section labels in HTMLMultiSelectField 2025-04-10 15:56:06 +01:00
CodexHTMLForm.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
CollapsibleFieldsetLayout.php
HTMLForm.php htmlform: Allow MessageParam on HTMLForm::addButton for label-message 2024-10-26 23:12:51 +00:00
HTMLFormActionFieldLayout.php
HTMLFormElement.php htmlform: Add missing documentation to class properties 2024-09-14 11:49:05 +00:00
HTMLFormField.php htmlform: Add missing documentation to class properties 2024-09-14 11:49:05 +00:00
HTMLFormFieldLayout.php
HTMLFormFieldRequiredOptionsException.php
HTMLNestedFilterable.php
OOUIHTMLForm.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
VFormHTMLForm.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00