Closed by gautiermichelin 2 years ago
Strip tags to sanitize input in User profile and in Tags & Comments. I had a mail from the Etat.ge.ch audit firm that reports this as an XSS injection risk in their automated tool.
Striptags() is not enough. HTMLPurifier must be used. I'll add that shortly.
Will merge as HTML tags aren't needed in these inputs.
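An added example of the approach the thread settles on, not the project's own code: HTMLPurifier configured with an empty element whitelist for fields that never need markup, plus escaping at render time. The Composer autoload path and the function names are assumptions.

```php
<?php
// Added example, not the project's code. Assumes HTMLPurifier was installed
// via Composer (ezyang/htmlpurifier) so vendor/autoload.php exists.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Build (once) a purifier that keeps no HTML at all. The thread's point:
 * profile, tag and comment fields never need markup, so an empty whitelist
 * is the policy, instead of best-effort tag stripping.
 */
function plainTextPurifier(): HTMLPurifier
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Core.Encoding', 'UTF-8');
        $config->set('HTML.Allowed', '');           // empty whitelist: no element survives
        $config->set('Cache.DefinitionImpl', null); // no on-disk cache for a single ruleset
        $purifier = new HTMLPurifier($config);
    }
    return $purifier;
}

/** Sanitize a field value on input, before it is stored. */
function sanitizePlainTextField(string $value): string
{
    $clean = plainTextPurifier()->purify($value);
    // Purifier output is HTML-encoded; decode it so the stored value is plain
    // text and escaping happens exactly once, at render time.
    return trim(html_entity_decode($clean, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

/** Escape a stored value for insertion into an HTML body or attribute. */
function renderField(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (not taken from the audit report).
foreach (['Plain name', '<b>Bold</b> comment', 'A & B < C'] as $in) {
    $stored = sanitizePlainTextField($in);
    echo $in, ' -> ', $stored, ' -> ', renderField($stored), PHP_EOL;
}
```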