gpc / fields

a spiritual successor to the bean-fields plugin
http://gpc.github.io/fields/

Escape error defaultMessage strings due to possibility of user input being present #322

Closed bkoehm closed 1 year ago

bkoehm commented 1 year ago

If field validation error codes are unresolved and fall back to the defaultMessage on the error, this defaultMessage must be escaped due to the possibility of user input being in the error message. Fixes issue #323.
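The fallback path described in this pull request, as an added Groovy illustration that is not part of the pull request or the plugin's code. `SampleError`, `renderError`, `escapeHtml`, the message bundle and the sample messages are all hypothetical and constructed for the example.

```groovy
// Added illustration; not code from the fields plugin. All names are hypothetical.

// Minimal HTML escaping for text placed in element content or quoted attributes.
String escapeHtml(String s) {
    s.replace('&', '&amp;')
     .replace('<', '&lt;')
     .replace('>', '&gt;')
     .replace('"', '&quot;')
     .replace("'", '&#39;')
}

// Stand-in for a validation error: message codes to try, plus a fallback text.
class SampleError {
    List<String> codes
    String defaultMessage
}

// Returns the message of the first code found in the bundle. If no code
// resolves, falls back to defaultMessage, escaped when escapeFallback is true.
// Bundle messages are returned as-is to keep the focus on the fallback path.
String renderError(SampleError err, Map<String, String> messages, boolean escapeFallback) {
    String code = err.codes.find { messages.containsKey(it) }
    if (code != null) {
        return messages[code]
    }
    escapeFallback ? escapeHtml(err.defaultMessage) : err.defaultMessage
}

// Constructed message bundle (developer-authored text).
Map<String, String> bundle = ['person.name.blank': 'Name must not be blank']

// Constructed errors: one whose code resolves, one whose code does not and
// whose defaultMessage embeds the rejected (user-supplied) value.
def resolved = new SampleError(codes: ['person.name.blank'], defaultMessage: 'unused')
def unresolved = new SampleError(
    codes: ['person.name.custom'],
    defaultMessage: 'Value [<script>x</script>] is not valid')

// A resolved code never reaches the fallback.
assert renderError(resolved, bundle, true) == 'Name must not be blank'

// Without escaping, the markup in the rejected value reaches the page intact.
assert renderError(unresolved, bundle, false).contains('<script>')

// With escaping, the same text is rendered inert.
assert renderError(unresolved, bundle, true) ==
    'Value [&lt;script&gt;x&lt;/script&gt;] is not valid'
```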