#11795 Prevent XSS attack in site news page

This commit is contained in:
miguel angel rasteu 2023-07-28 12:36:10 +02:00
parent 319a4e1743
commit cf7b123eb0

View File

@ -259,6 +259,8 @@ if (!empty($news)) {
$output_news .= '</div></div>';
} else {
$text = str_replace('<script', '&lt;script', $text);
$text = str_replace('</script', '&lt;/script', $text);
$output_news .= nl2br($text);
}