MantisBT: master-2.1 a85b0b96

Author Committer Branch Timestamp Parent
vboctor vboctor master-2.1 2017-02-12 18:58:25 master-2.1 40b62c37
Affected Issues  0022266: CVE-2017-7222: Sanitize window title
Changeset

Sanitize window title

The window title is not sanitized. That is not an issue when CSP is enable (default),
but if disabled, it can execute javascript that is set by a user who has access
to set configuration via Manage - Manage Configuration - Configuration Report page.

Fixes 0022266

mod - core/layout_api.php Diff File