
[SECURITY] Run stored, user-generated input from DB through htmlspecialchars()…

Description

[SECURITY] Run stored, user-generated input from DB through htmlspecialchars() to avoid stored XSS originating from PictureGame/PollNY/QuizGame data

(also "squashing" 58846eb9687e1ba236cadaa933d7f1cd318c40fc as it
does not appear to have been backported to release branches and
conflicts)

Bug: T266400
Change-Id: I497d2076038f75c9eb77e0e250f2af56f5bd2bfc

Details

Provenance
sbassett authored on Oct 26 2020, 7:47 PM
Parents
rERGUb9b44c9e4346: build: Updating lodash to 4.17.15
Branches
Unknown
Tags
Unknown
References
REL1_34
ChangeId
I497d2076038f75c9eb77e0e250f2af56f5bd2bfc