• Resolved martinskou

    (@martinskou)


    In 3.6.10 the field's label is sanitized and HTML-encoded before being rendered.

    We use multiple forms across many sites which have a checkbox with a label. This label includes an HTML link to terms & conditions, GDPR conditions, etc.

    These labels now show the encoded/raw HTML, instead of the link.

    From changelog:
    Security Enhancements
    * Improve sanitization of label values

    This is a breaking change from the previous version. I do not understand the introduction of breaking changes in minor 0.0.1 updates.

    And I don't understand that this is a security issue at all, as the label is created by a trusted administrator.

    Is there a way to circumvent this new feature?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘3.6.10 label field sanitation (unable to include HTML)’ is closed to new replies.