Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Use proper escaping function in option inner html

Browse Source 
[MAILPOET-5233]
This commit is contained in:
Rostislav Wolny
2023-04-17 09:13:33 +02:00
committed by Aschepikov
parent 94eeae5626
commit 4f42fa86a3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mailpoet/lib/Form/Block/Select.php
View File

@ -51,7 +51,7 @@ class Select {
if (!empty($block['params']['required'])) { if (!empty($block['params']['required'])) {
$label .= ' *'; $label .= ' *';
} }
$html .= '<option value="" disabled selected hidden>' . $this->wp->escAttr($label) . '</option>'; $html .= '<option value="" disabled selected hidden>' . $this->wp->escHtml($label) . '</option>';
} else { } else {
if (empty($block['params']['required'])) { if (empty($block['params']['required'])) {
$html .= '<option value="">-</option>'; $html .= '<option value="">-</option>';