cubecart / v6

CubeCart Version 6
https://cubecart.com

Null to Type String #3522

Closed bhsmither closed 3 months ago

bhsmither commented 4 months ago

In the admin template products.index.php, near lines 263 and 266, the <textarea> has a test to make sure there is content before using it as an argument for htmlentities().

There is no such test for the translation <textarea> near lines 761 and 764.

Suggest all <textarea> (category, category trans, offline, copyright, etc) get the test if being an argument for htmlentities().

Any difference between the variable modifier |escape:"html" vs as an argument to htmlentities()?

"html" = htmlspecialchars()
"htmlall" = htmlentities()
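The guard and the modifier question raised above, as an added example that is not part of the original issue or of CubeCart's code. On PHP 8.1 and later, passing null to htmlentities() raises a deprecation notice, which is what the content test avoids. The helper name `textarea_escape` and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not CubeCart code): escape a value for output inside
// a <textarea>, treating null as an empty string so that htmlentities() and
// htmlspecialchars() never receive null.
function textarea_escape(?string $value, bool $allEntities = true): string
{
    if ($value === null || $value === '') {
        return '';
    }
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

    // $allEntities = true  mirrors Smarty's |escape:"htmlall" (htmlentities)
    // $allEntities = false mirrors Smarty's |escape:"html"    (htmlspecialchars)
    return $allEntities
        ? htmlentities($value, $flags, 'UTF-8')
        : htmlspecialchars($value, $flags, 'UTF-8');
}

// Constructed sample values standing in for description and translation fields.
$samples = [
    'empty translation' => null,
    'markup in content' => '</textarea><p>stray markup</p>',
    'accented text'     => 'Café & crème "brûlée"',
];

foreach ($samples as $label => $value) {
    // Both functions encode & < > and quotes, so neither lets content close
    // the <textarea> early. Only htmlentities() also converts characters
    // such as é into named entities.
    printf(
        "%s\n  htmlentities:     %s\n  htmlspecialchars: %s\n",
        $label,
        textarea_escape($value, true),
        textarea_escape($value, false)
    );
}
```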