The classes entered in the administration form are now escaped via HTML::escape before printed.
Fixes View Password - Less critical - Cross Site Scripting - SA-CONTRIB-2024-026.
VCS Label
6.0.4
Release type
Short description
Escape characters in CSS classes
Packaged Git sha1
fe9a378b4166113e387096b4b15485c976cd7859
Release files
e3af4bd7b0f14d31a925cd9f76c3e85d
Release file SHA-1 hash
04efaf960b0a88306884589eb6e1dc99f9b6e9e9
Release file SHA-256 hash
4bb130cab147140b9270bd99782929e9f39dbfd82461bedb7fbfca77eb3b3567
c484420b35809229facb5db4289ae73e
Release file SHA-1 hash
037059c0ba3c8a54901ac038b1b94e3d15671325
Release file SHA-256 hash
87b39d4cecb7d650260374b5c692728ef642446c6c1e9fabdfa0623f27efb661