Omega does not properly escape the site_name variable when it uses it for the alt or title attributes in the $logo_img and $linked_logo_img template variables.

This means that if a site_name has any HTML code in it, rendering the logo image in the page could render undesired (e.g. XSS) HTML code.

Patch coming below.
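The problem described above, shown as an added example (this is not Omega's template.php and not the patch attached to this issue): building the logo markup with and without encoding the site name. The function names, the logo path and the sample site name are hypothetical; `escape_html()` applies the same `htmlspecialchars()` encoding that Drupal's `check_plain()` applies.

```php
<?php
// Added illustration: not Omega's template.php and not the patch from this issue.
// Function names and sample values are hypothetical / constructed.

// Encode text for HTML body or quoted-attribute context; this is the
// encoding that Drupal's check_plain() applies.
function escape_html(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Unescaped form: site_name is concatenated straight into alt and title.
function logo_img_unescaped(string $logo, string $site_name): string {
  return '<img src="' . $logo . '" alt="' . $site_name . '" title="' . $site_name . '" id="logo" />';
}

// Hardened form: every dynamic value is encoded before it enters an attribute.
function logo_img_escaped(string $logo, string $site_name): string {
  $name = escape_html($site_name);
  return '<img src="' . escape_html($logo) . '" alt="' . $name . '" title="' . $name . '" id="logo" />';
}

// The linked variant wraps the image in an anchor whose title also carries site_name.
function linked_logo_img_escaped(string $front, string $logo, string $site_name): string {
  return '<a href="' . escape_html($front) . '" rel="home" title="' . escape_html($site_name) . '">'
    . logo_img_escaped($logo, $site_name) . '</a>';
}

// Constructed sample: a site name containing double quotes and a tag.
$site_name = 'Acme "Widgets" <em>Ltd</em>';
$logo = '/sites/default/files/logo.png';

$raw = logo_img_unescaped($logo, $site_name);
$safe = logo_img_escaped($logo, $site_name);

echo "unescaped: $raw\n";
echo "escaped:   $safe\n";
echo "linked:    " . linked_logo_img_escaped('/', $logo, $site_name) . "\n";

// Checks: does markup from the site name survive, and are the attribute
// delimiters of the escaped tag still exactly the four quoted pairs?
var_dump(strpos($raw, '<em>') !== false);
var_dump(strpos($safe, '<em>') !== false);
var_dump(substr_count($safe, '"') === 8);
```

In the unescaped output the first double quote inside the site name closes the alt attribute early, so the rest of the name is parsed as markup rather than as attribute text.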

Comments

Status: Active » Needs review

Attached file (status: new, size: 7.59 KB)

This patch also cleans up a bunch of whitespace issues in the template.php file.

Status: Needs review » Fixed

Committed. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.