Closed cairocoder01 closed 1 year ago
If a post (my example is a group) has an apostrophe in the name (e.g. John Doe's Wife), clicking the name at the top of the Group Updates link does not do anything because it is not escaped properly.
It ends up rendering like this:
<tr onclick="get_assigned_post_details('999', 'John Doe's Wife');">
If a post (my example is a group) has an apostrophe in the name (e.g. John Doe's Wife), clicking the name at the top of the Group Updates link does not do anything because it is not escaped properly.
It ends up rendering like this: