• Ben Greeley

    (@bengreeley)


    Greetings Formstack Devs,

    We’re looking to use this plugin for a client and noticed that there are a number of unescaped variables being output. To make this plugin safe, I’d like to request the following changes be implemented with the plugin. I couldn’t find a Git repository to contribute to, so I have a commit with the changes here:

    https://github.com/bengreeley/formstack/commit/73a576d67545bdde298f1f12699c3440ae78ea58

    Please let me know if it would be possible to implement these changes with the plugin.

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Author Michael Beckwith

    (@tw2113)

    The BenchPresser

    Good day @bengreeley

    With the most recent versions of the plugin, we have definitely worked to address topics like this. However, as you’ve noted, we didn’t end up covering all potential spots. Some of those, as is, are actually going to “break” some existing used HTML, like the <strong> tag and some links that end up in the middle of text. Others are most definitely valid though. I have made the changes for the spots that do make sense, but it’s not all of them.

    Willing to discuss or comment inline on the ones not being used from your commit if you want. Let me know.
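
The trade-off raised in the reply above, shown as an added example that is not part of the thread, the linked commit, or the plugin's code: `esc_html()` is right for plain values, but on a string that intentionally carries `<strong>` or a link it shows the tags as literal text, where `wp_kses()` with a small allowlist keeps that markup and still strips everything else. It assumes the code runs inside WordPress (for instance through `wp eval-file`); `$form_name`, `$settings_url`, the message text and the `example-textdomain` text domain are constructed for illustration.

```php
<?php
// Added example. Requires WordPress to be loaded; all values below are constructed.

$form_name    = '<script>alert(1)</script>Contact'; // untrusted value, e.g. from an API or the database
$settings_url = 'https://example.com/wp-admin/admin.php?page=example-settings';

// Case 1: a plain value in an HTML text context.
// No markup is expected, so esc_html() is the correct late escape.
printf( "<h2>%s</h2>\n", esc_html( $form_name ) );

// Case 2: a translatable message that intentionally contains <strong> and a link.
// Each dynamic piece is escaped for its own context before it is substituted.
$message = sprintf(
	/* translators: 1: form name, 2: settings page URL */
	__( 'Form <strong>%1$s</strong> is not configured. <a href="%2$s">Open settings</a>.', 'example-textdomain' ),
	esc_html( $form_name ),
	esc_url( $settings_url )
);

// Escaping the whole message with esc_html() is safe but "breaks" it:
// the visitor sees the literal text <strong> and <a href=...> on the page.
echo '<p>' . esc_html( $message ) . "</p>\n";

// wp_kses() with an explicit allowlist keeps only the markup the message
// is supposed to carry. Any other tag or attribute, for example one that a
// modified translation file introduces, is removed.
$allowed = array(
	'strong' => array(),
	'a'      => array( 'href' => array() ),
);
echo '<p>' . wp_kses( $message, $allowed ) . "</p>\n";
```

The allowlist is kept per string rather than using `wp_kses_post()`, so a spot that only needs `<strong>` cannot be used to emit images, iframes or other post-level markup.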


The topic ‘Unescaped variables’ is closed to new replies.