Some values retrieved from hooks and displayed on administrative forms are not properly escaped. This is not a security issue since the data is more or less trusted and not user generated, but it still should be escaped to adhere to best practices.

Comments

cpliakas’s picture

cpliakas commented
Status: Active » Fixed

Fixed in commit #299802.

Status: Fixed » Closed (fixed)
Issue tags: -6.x-2.0-rc2

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +6.x-2.0-rc2

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.