Commit f3ab5d99 by Carsten Brandt

encode email in Formatter

avoid XSS with emails in format "Carsten Brandt <mail@cebe.cc>"
parent 248e0cb9
...@@ -190,7 +190,7 @@ class Formatter extends Component ...@@ -190,7 +190,7 @@ class Formatter extends Component
if ($value === null) { if ($value === null) {
return $this->nullDisplay; return $this->nullDisplay;
} }
return Html::mailto($value); return Html::mailto(Html::encode($value), $value);
} }
/** /**
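Review bot: the link text is now passed through `Html::encode`, but the second argument still hands the raw `$value` to the `mailto:` href, so the fix is complete only because `Html::mailto` encodes attribute values when it renders the tag; the hunk carries no test change, so a unit test covering the exact case named in the commit message (`Carsten Brandt <mail@cebe.cc>`) would pin both the encoded link text and the encoded `href`, and a one-line docblock note that `asEmail` HTML-encodes the value would keep callers from encoding it a second time.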