rmrevin / yii2-comments

Yii 2 comments extension
MIT License

XSS attacks have been executed #18

Open SerikK opened 7 years ago

SerikK commented 7 years ago

Hi! I have detected that there is an XSS attack that is not prevented. I guess it is because of this code:

```php
$comments[$Comment->id] = $Comment->attributes;

$CommentListWidget
    ->getView()
    ->registerJs('jQuery("#' . $CommentListWidget->options['id'] . '").yiiCommentsList(' . Json::encode($comments) . ');');
```

As can be seen from this code, there seems to be no encoding of each attribute in the Comment object.
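For comparison, here is an added example (not code from the extension or from the reporter) of the same inline-script construction with every string attribute passed through `yii\helpers\Html::encode` before `Json::encode`; `buildCommentsListJs`, `FakeComment` and the sample text are assumptions made for the illustration. It assumes the client-side plugin inserts the attribute values as HTML; if the plugin writes them as text nodes instead, encoding belongs on that side rather than here, or the entities would be displayed literally.

```php
<?php
// Added example: HTML-encode comment attributes before serialising them into
// the widget's inline JavaScript. Requires the yii2 package (yii\helpers).
use yii\helpers\Html;
use yii\helpers\Json;

/** Constructed stand-in for the Comment model used by the widget. */
final class FakeComment
{
    public int $id;
    public array $attributes;

    public function __construct(int $id, array $attributes)
    {
        $this->id = $id;
        $this->attributes = $attributes;
    }
}

/**
 * Build the registerJs() payload for a list of comment models.
 * $widgetId corresponds to $CommentListWidget->options['id'] on the page.
 */
function buildCommentsListJs(iterable $models, string $widgetId): string
{
    $comments = [];
    foreach ($models as $model) {
        $safe = [];
        foreach ($model->attributes as $name => $value) {
            // Html::encode turns < > & " ' into entities; non-strings pass through.
            $safe[$name] = is_string($value) ? Html::encode($value) : $value;
        }
        $comments[$model->id] = $safe;
    }

    // JSON_HEX_TAG is defence in depth: any remaining < or > becomes \u003C / \u003E,
    // so no value can close the surrounding <script> element.
    $json = Json::encode($comments, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_HEX_APOS);

    return 'jQuery("#' . $widgetId . '").yiiCommentsList(' . $json . ');';
}

// Constructed sample: a comment body containing markup is emitted as entities,
// not as tags, when rendered by the widget.
$models = [new FakeComment(1, ['text' => '<b>bold</b> & "quoted"', 'user_id' => 7])];
echo buildCommentsListJs($models, 'comments-1'), PHP_EOL;
```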

rmrevin commented 7 years ago

Hi. Thanks for the issue. We need a unit test to fix the problem.