search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 679dba0) | patch
fix: enforce optional svg & prevent arbitrary html in html_btn
commite824d633ab4483d3afbea66545fb619bd57a4156
authorMichael Große <grosse@cosmocode.de>
Fri, 19 Jan 2018 15:32:22 +0000 (19 16:32 +0100)
committerMichael Große <grosse@cosmocode.de>
Fri, 19 Jan 2018 15:32:22 +0000 (19 16:32 +0100)
treeaf18d7431d3774a83f3ace14e18fe04e2426cd5ctree | snapshot (tar.gz zip)
parent679dba01b427ea0357528be367261c2d30a26b22commit | diff
fix: enforce optional svg & prevent arbitrary html in html_btn

To prevent abusing this functionality for inserting arbitrary html,
inlineSVG is now called inside the html_btn function.
inc/Menu/Item/AbstractItem.php diff | blob | blame | history
inc/html.php diff | blob | blame | history