Closed sandbergja closed 3 months ago
If quotes are not HTML-encoded, they will close the title attribute and potentially print a lot of junk to the screen or allow an XSS vulnerability.
This was not needed for discoveryutils, since discoveryutils used PHP's `htmlspecialchars` function to HTML-encode these quotes on the server side.
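The effect described above, as an added example that is not code from this pull request or from discoveryutils: a client-side encoder for the five characters PHP's `htmlspecialchars` handles with `ENT_QUOTES`, applied to a title attribute. The function names and the sample title are constructed for illustration.

```javascript
// Added example (not the project's code). Characters that must be encoded
// before text is interpolated into a quoted HTML attribute value.
const ATTRIBUTE_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#039;',
};

// Encode a value for use inside title="..." (or any quoted attribute).
// A single pass over the input means '&' is never double-encoded.
function escapeAttribute(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTRIBUTE_ENTITIES[ch]);
}

// Hypothetical helper: returns what an HTML parser would treat as the
// value of the first double-quoted title attribute in the markup.
function titleAttributeValue(markup) {
  const match = /title="([^"]*)"/.exec(markup);
  return match ? match[1] : null;
}

// Constructed sample: a record title that legitimately contains quotes.
const sampleTitle = 'The "Complete" Works & Letters';

// Without encoding, the first quote in the data closes the attribute and
// the rest of the title spills into the tag.
const unencoded = `<a title="${sampleTitle}">record</a>`;

// With encoding, the whole title stays inside the attribute value.
const encoded = `<a title="${escapeAttribute(sampleTitle)}">record</a>`;

console.log(titleAttributeValue(unencoded));
console.log(titleAttributeValue(encoded));
```

When the element is built through the DOM instead of by string concatenation, `element.setAttribute('title', value)` stores the raw value and no manual encoding is needed.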