In the admin template products.index.php, near lines 263 and 266, the <textarea> has a test to make sure there is content before using it as an argument for htmlentities().
There is no such test for the translation <textarea> near lines 761 and 764.
Suggest all <textarea> elements (category, category trans, offline, copyright, etc.) get the test if used as an argument for htmlentities().
Any difference between the variable modifier |escape:"html" vs as an argument to htmlentities()?
"html" = htmlspecialchars()
"htmlall" = htmlentities()
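An added example, not code from products.index.php or from the project: one helper that applies the content test to every <textarea> value and shows the two escape modes named above side by side. The function name, array keys and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function and variable names are hypothetical,
// not taken from products.index.php.

/**
 * Escape a value for use as <textarea> content.
 * $mode 'html'    -> htmlspecialchars() (what |escape:"html" maps to)
 * $mode 'htmlall' -> htmlentities()     (what |escape:"htmlall" maps to)
 */
function textarea_value($value, string $mode = 'htmlall'): string
{
    // The "is there content" test: null or '' yields an empty string, so the
    // escaping function is never called with null.
    if ($value === null || $value === '') {
        return '';
    }
    // Encode both quote styles and replace invalid UTF-8 instead of
    // returning an empty string for the whole value.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return $mode === 'html'
        ? htmlspecialchars((string) $value, $flags, 'UTF-8')
        : htmlentities((string) $value, $flags, 'UTF-8');
}

// Constructed sample values standing in for the textarea fields.
$samples = [
    'category'       => 'Tools & "café" </textarea>',
    'category_trans' => null,   // translation not filled in yet
    'offline'        => '',
];

foreach ($samples as $name => $value) {
    printf("%-15s html:    %s\n", $name, textarea_value($value, 'html'));
    printf("%-15s htmlall: %s\n", $name, textarea_value($value, 'htmlall'));
}
```

Both modes encode `&`, `<`, `>` and quotes, so a literal `</textarea>` in the value cannot close the element; `htmlall` additionally converts characters such as `é` to named entities.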