Commit

Using Json::htmlEncode() for safer JSON data encoding in HTML code …
…(samdark, Tomasz Tokarski)
qiangxue committed May 10, 2015
1 parent 5130677 commit 2a23275
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@ Yii Framework 2 gii extension Change Log

- Bug #5098: Properly detect hasOne relations (nineinchnick)
- Bug #6667: Gii form generator rendering mistake view (pana1990)
- Bug (CVE-2015-3397): Using `Json::htmlEncode()` for safer JSON data encoding in HTML code (samdark, Tomasz Tokarski)
- Enh #2109: Added ability to generate ActiveQuery class for model (klimov-paul)
- Enh #7830: Added ability to detect relations between multiple schemas (nineinchnick)
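
Review bot: the CVE-2015-3397 entry does not say which part of the extension was affected, so a reader of the change log cannot tell whether their use of gii is exposed. Consider naming the location, for example that the fix is in ActiveField::autoComplete(), and keeping the credit as is.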

2 changes: 1 addition & 1 deletion components/ActiveField.php
Expand Up @@ -68,7 +68,7 @@ public function autoComplete($data)
foreach ($data as &$item) {
$item = ['word' => $item];
}
$this->form->getView()->registerJs("yii.gii.autocomplete($counter, " . Json::encode($data) . ");");
$this->form->getView()->registerJs("yii.gii.autocomplete($counter, " . Json::htmlEncode($data) . ");");

return $this;
}
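
Review bot: the switch to Json::htmlEncode() in the registerJs() call of autoComplete() comes without a test; the commit changes only CHANGELOG.md and components/ActiveField.php. Consider adding a regression test that passes autoComplete() a word containing characters such as < and & and asserts that they do not appear unescaped in the registered script. $counter is still concatenated into the same script string as is; its definition is outside this hunk, so confirm it is always an integer.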