This patch removes remaining instances of <RawHTML> from the plugin blocks and replaces it with decodeEntities().
Testing
This patch affects the feedback and NPS blocks. They should still work as expected and you shouldn't be able to embed XSS payloads inside either of their fields.
Followup on #252.
This patch removes remaining instances of
<RawHTML>
from the plugin blocks and replaces it withdecodeEntities()
.Testing
This patch affects the feedback and NPS blocks. They should still work as expected and you shouldn't be able to embed XSS payloads inside either of their fields.