#446 XSS vector through the page title

SVN:trunk[1562]
2026-04-24 02:58:43 +02:00 · 2011-09-08 10:30:18 +00:00
parent 06e9bd0c25
commit 205e80f8a5
4 changed files with 6 additions and 6 deletions
--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -366,7 +366,7 @@ class WebPage
        echo "<html>\n";
        echo "<head>\n";
 		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$this->s_title}</title>\n";
+        echo "<title>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</title>\n";
        echo $this->get_base_tag();
        foreach($this->a_linked_scripts as $s_script)
        {