This should eliminate the risk of injecting JS into form field values.
Adding backslashes or quotes in any of the fields will result in a backslash-escaped value. Should these values be stored more than once, the amount of backslashes will exponentially grow. This is a side effect of these values not being expected in the fields in the first place.
This should also fix CVE-2023-41655 as now injecting JS will no longer result in that being executed in the UI.
For more discussion around this CVE see https://github.com/heiglandreas/authLdap/issues/237