Skip to content

555 - Fix HTML value not escaped in DataField #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 24, 2018
Merged

555 - Fix HTML value not escaped in DataField #556

merged 2 commits into from
Jan 24, 2018

Conversation

Akryum
Copy link
Member

@Akryum Akryum commented Jan 24, 2018

Fields of type 'String': formatted value is now escaped, fix #555

@Akryum Akryum self-assigned this Jan 24, 2018
@Akryum Akryum added this to the v4.1.1 milestone Jan 24, 2018
michalsnik
michalsnik reviewed Jan 24, 2018
View reviewed changes
src/util.js
const ESC = {
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we need to add = and ' too?

@Akryum
Copy link
Member Author

Akryum commented Jan 24, 2018 via email

@michalsnik michalsnik merged commit fb782d3 into vuejs:master Jan 24, 2018
@Akryum Akryum deleted the 555-escape-html-value branch January 25, 2018 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalsnik michalsnik michalsnik approved these changes

@yyx990803 yyx990803 Awaiting requested review from yyx990803

@posva posva Awaiting requested review from posva

Assignees

@Akryum Akryum

Labels
enhancement semver-patch
Projects
None yet
Milestone
v4.1.1
Development

Successfully merging this pull request may close these issues.
2 participants
@Akryum @michalsnik