Escape site_name in Logo image alt / title text [#1395848]

Posted by jwilson3 on January 6, 2012 at 2:01am

3 followers

Issue Summary

Omega does not properly escape the site_name variable when it uses it for the alt or title attributes in the $logo_img and $linked_logo_img template variables.

This means if a site_name has any html code in it, that rendering the logo image in the page could render undesired (eg xss) html codes.

Patch coming below.

Comments

#1

Posted by jwilson3 on January 6, 2012 at 2:08am

Status:

active

» needs review

This patch also cleans up a bunch of whitespace issues in the template.php file.

Attachment	Size	Status	Test result	Operations
omega-escape-sitename-in-logo-attributes-1395848.patch	7.59 KB	Ignored: Check issue status.	None	None

#2

Posted by fubhy on January 30, 2012 at 7:03pm

Status:

needs review

» fixed

Commited. Thanks

#3

Posted by System Message on February 13, 2012 at 7:50pm

Status:

fixed

» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Project:	Omega
Version:	7.x-3.x-dev
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	closed (fixed)

Escape site_name in Logo image alt / title text

Jump to:

Issue Summary

Comments

#1

#2

#3