Prevent potential DOM-based XSS

Authored by Ejegg.

Description

Prevent potential DOM-based XSS

Use .text() instead of .html() when adding content from other elements.
We validate amount and currency_code pretty heavily on the way in, but
let's put on some suspenders to go with our belt.

Change-Id: I40c9b2b70ceb1775563f303ec03579202bce200d

Details

Committed
awight, Sep 23 2015, 5:15 PM
Parents
rEDOIca6b81688818: Merge "Pass CVN request"
Branches
Unknown
Tags
Unknown
ChangeId
I40c9b2b70ceb1775563f303ec03579202bce200d
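
The pattern the commit message describes (content read from one element and written into another with .html()) can be searched for across a code base. The following is an added example, not code from this commit or project: a heuristic Node.js check over constructed sample lines. The element ids are hypothetical; only the amount and currency_code names come from the message above.

```javascript
// Added example: heuristic check for jQuery .html(arg) calls whose argument is
// read back out of the DOM. Regex-based and single-line only; a production
// check would walk an AST instead.
const DOM_READ = /\.(val|text|html)\(\s*\)|\.(attr|data)\(\s*['"][^'"]*['"]\s*\)/;

// Collect the argument text of every .html( call on one line of source.
function htmlCallArguments(line) {
  const args = [];
  let from = 0, start;
  while ((start = line.indexOf('.html(', from)) !== -1) {
    const open = start + '.html'.length; // index of the opening parenthesis
    let depth = 0, quote = null, end = -1;
    for (let i = open; i < line.length; i++) {
      const c = line[i];
      if (quote) {
        if (c === '\\') i++;             // skip the escaped character
        else if (c === quote) quote = null;
      } else if (c === '"' || c === "'") quote = c;
      else if (c === '(') depth++;
      else if (c === ')' && --depth === 0) { end = i; break; }
    }
    if (end === -1) break;               // unbalanced: call continues on another line
    args.push(line.slice(open + 1, end).trim());
    from = open + 1;                     // keep scanning inside for nested calls
  }
  return args;
}

// Report setter calls (.html with a non-empty argument) fed by a DOM read.
function findRiskyHtmlCopies(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const arg of htmlCallArguments(text)) {
      if (arg !== '' && DOM_READ.test(arg)) findings.push({ line: idx + 1, argument: arg });
    }
  });
  return findings;
}

// Constructed sample; the element ids are hypothetical.
const SAMPLE = [
  "$('#selected-amount').html($('#amount').val());",
  "$('#selected-amount').text($('#amount').val());",
  "$('#currency').html($('input[name=\"currency_code\"]').val());",
  "$('#note').html('<em>Thank you</em>');",
  "var current = $('#selected-amount').html();",
].join('\n');

console.log(findRiskyHtmlCopies(SAMPLE));
```

Lines 1 and 3 of the sample are reported; the .text() copy, the static markup and the bare .html() getter are not.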