
Commit 6f2554d

Gabe Troyanohader
Gabe Troyan
authored andcommitted
[SECURITY] Ensure text preview of multivalue items in form editor
Multivalue items in the form editor user interface were previewed as HTML, but should be treated as scalar text only. Resolves: #96743 Releases: main, 11.5, 10.4 Change-Id: I5e8dab26119490ecf19ac5d48c2bc7a5a00daaad Security-Bulletin: TYPO3-CORE-SA-2022-003 Security-References: CVE-2022-31048 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73297 Tested-by: Oliver Hader <[email protected]> Reviewed-by: Oliver Hader <[email protected]>
1 parent c93ea69 commit 6f2554d


1 file changed

+6
-6
lines changed


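--- a/typo3/sysext/form/Resources/Public/JavaScript/backend/form-editor/stage-component.js
+++ b/typo3/sysext/form/Resources/Public/JavaScript/backend/form-editor/stage-component.js
@@ -513,10 +513,10 @@ function factory($, Helper, Icons) {
 */
 function setStageHeadline(title) {
 if (getUtility().isUndefinedOrNull(title)) {
-title = buildTitleByFormElement();
+title = buildTitleByFormElement().text();
 }
 
-$(getHelper().getDomElementDataIdentifierSelector('stageHeadline')).html(title);
+$(getHelper().getDomElementDataIdentifierSelector('stageHeadline')).text(title);
 };
 
 /**
@@ -981,10 +981,10 @@ function factory($, Helper, Icons) {
 
 getHelper()
 .getTemplatePropertyDomElement('_type', template)
-.append(getFormElementDefinition(formElement, 'label'));
+.append(document.createTextNode(getFormElementDefinition(formElement, 'label')));
 getHelper()
 .getTemplatePropertyDomElement('_identifier', template)
-.append(formElement.get('identifier'));
+.append(document.createTextNode(formElement.get('identifier')));
 };
 
 /**
@@ -1029,7 +1029,7 @@ function factory($, Helper, Icons) {
 
 getHelper()
 .getTemplatePropertyDomElement('_label', rowTemplate)
-.append(collectionElementConfiguration['label']);
+.append(document.createTextNode(collectionElementConfiguration['label']));
 $(getHelper().getDomElementDataIdentifierSelector('validatorsContainer'), $(template))
 .append(rowTemplate.html());
 }
@@ -1089,7 +1089,7 @@ function factory($, Helper, Icons) {
 }
 }
 
-getHelper().getTemplatePropertyDomElement('_label', rowTemplate).append(label);
+getHelper().getTemplatePropertyDomElement('_label', rowTemplate).append(document.createTextNode(label));
 
 if (isPreselected) {
 getHelper().getTemplatePropertyDomElement('_label', rowTemplate).addClass(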
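Review bot: `document.createTextNode()` stringifies its argument, so an unset value now renders as the literal text "undefined" or "null", whereas jQuery's `.append()` silently skipped null/undefined; this affects the `_type` and `_identifier` appends in the second hunk and the `_label` appends in the third and fourth. Whether `collectionElementConfiguration['label']` or `label` can be unset is not visible here, because the enclosing functions start outside the hunks, so I would guard with the helper already used in `setStageHeadline`, `if (!getUtility().isUndefinedOrNull(label)) { ... }`, or coerce with `document.createTextNode(label || '')`. Separately, the third hunk still feeds `rowTemplate.html()` back into `.append()`, which stays safe only because serialization escapes text nodes. A one-line comment there, such as `// label is a text node; .html() serializes it escaped`, would keep a later edit from reintroducing markup parsing of the label.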
