Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
XSS can be exploited, but only from trusted users ("administer site configuration" permission).
Comment | File | Size | Author |
---|---|---|---|
#1 | token-1894890-custom_date_format_xss.patch | 705 bytes | grisendo |
Comments
Comment #1
grisendo CreditAttribution: grisendo commentedI attach a patch
Comment #2
grisendo CreditAttribution: grisendo commentedComment #3
Dave ReidThanks, committed #1 to Git. http://drupalcode.org/project/token.git/commit/75a5414