Closed mikemolenda closed 7 years ago
This prevents cross-site scripting. Currently, if a user's email address is added to the database with a script like '", it will run the script when retrieved. See: http://bit.ly/2qDLDDW
5/8/17 Added org.apache.commons.lang3.StringEscapeUtils.escapeHtml4() to all getString data access statements in
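The change described above, escaping at every `getString` read, is sketched here as an added example; it is not code from this project. `EscapedReadExample`, `getEscapedString` and `fakeRow` are hypothetical names, the row values are constructed, and it assumes Java 9+ with commons-lang3 on the classpath.

```java
import java.lang.reflect.Proxy;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import org.apache.commons.lang3.StringEscapeUtils;

public class EscapedReadExample {

    // Hypothetical helper: a single wrapper around ResultSet.getString() so that
    // every string leaving the data access layer is HTML-escaped.
    static String getEscapedString(ResultSet rs, String column) throws SQLException {
        String raw = rs.getString(column);
        // escapeHtml4(null) returns null, so a SQL NULL stays null.
        return StringEscapeUtils.escapeHtml4(raw);
    }

    // Constructed stand-in for a database row so the example runs without a
    // database. Only getString(String) is supported by this stub.
    static ResultSet fakeRow(Map<String, String> row) {
        return (ResultSet) Proxy.newProxyInstance(
            ResultSet.class.getClassLoader(),
            new Class<?>[] { ResultSet.class },
            (proxy, method, args) ->
                method.getName().equals("getString") ? row.get(args[0]) : null);
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values: markup stored in the email column, and a
        // name containing an apostrophe and an ampersand.
        ResultSet rs = fakeRow(Map.of(
            "email", "\"><script>alert(1)</script>",
            "name", "O'Brien & Sons"));

        String email = getEscapedString(rs, "email");
        String name = getEscapedString(rs, "name");

        // <, >, & and " are now entities, so the browser shows the value as text.
        System.out.println("<td>" + email + "</td>");
        // escapeHtml4 leaves the apostrophe unchanged: that is fine in element
        // content and double-quoted attributes, but not in single-quoted
        // attributes or inside script blocks, which need context-specific encoding.
        System.out.println("<td>" + name + "</td>");
    }
}
```

Values escaped on read should not be written back to the database, or they will be encoded twice on the next read.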