fix(security): Prevent user to add html script in its preferences

2026-05-19 02:15:36 +00:00 · 2024-08-22 15:54:04 +02:00
parent 84fe91c29c
commit a7023bce16
1 changed files with 4 additions and 1 deletions
@@ -1742,9 +1742,12 @@ static NSArray *reminderValues = nil;
 - (id <WOActionResults>) saveAction
 {
  id <WOActionResults> results;
+  NSString *requestStr;
  id o, v;

-  o = [[[context request] contentAsString] objectFromJSONString];
+  requestStr = [[context request] contentAsString];
+  requestStr = [requestStr stringWithoutHTMLInjection: NO];
+  o = [requestStr objectFromJSONString];
  results = nil;

  // Proceed with data sanitization of the "defaults"