Skip to content
Snippets Groups Projects

HTML injection fix for compose email popup

Merged HTML injection fix for compose email popup
security_fix into 7.4.0
Merged Greeshma requested to merge security_fix into 7.4.0
Compare
and
+ 1
1
Compare changes
  • Side-by-side
  • Inline
layouts/v7/modules/Vtiger/ComposeEmailForm.tpl
+ 1
1
@@ -47,7 +47,7 @@
</div>
<div class="col-lg-6">
{if !empty($TO)}
{assign var=TO_EMAILS value=","|implode:$TO}
{assign var=TO_EMAILS value=","|implode:$TO|htmlentities}
{/if}
<input id="emailField" style="width:100%" name="toEmail" type="text" class="autoComplete sourceField select2" data-rule-required="true" data-rule-multiEmails="true" value="{$TO_EMAILS}" placeholder="{vtranslate('LBL_TYPE_AND_SEARCH',$MODULE)}">
</div>

Copyright 2023 Vtiger. All rights reserved.