-
Michael Hamann authored
Before this change, HTML and some JS code (as far as it was not escaped by json_encode) could be injected into the output as the closing pattern that is checked by the regex is not escaped in JSON (see test case).
Michael Hamann authoredBefore this change, HTML and some JS code (as far as it was not escaped by json_encode) could be injected into the output as the closing pattern that is checked by the regex is not escaped in JSON (see test case).
Code owners
Assign users and groups as approvers for specific file changes. Learn more.