OroCRM Forums

Covering OroCRM topics, including community updates and company announcements.

Forums Forums OroCRM OroCRM – Security HTML not escaped in custom fields

This topic contains 0 replies, has 1 voice, and was last updated by Damien LE TROHER Damien LE TROHER 6 years, 9 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #27958
    Damien LE TROHER
    Damien LE TROHER
    Participant

    Hi again,

    When I add some HTML in a custom text field (tried on contact form), it is not escaped… I can add something like

    It break the page ;).


    Damien LE TROHER
    SYNOLIA – Division Ecommerce

The forum ‘OroCRM – Security’ is closed to new topics and replies.

You will be redirected to [title]. Would you like to continue?

Yes No