Fix XSS in path names of inline comment list.

2024-11-18 21:02:41 +01:00 · 2011-04-11 20:24:33 -07:00 · 2011-04-11 20:24:33 -07:00 · 1bba2c9913
commit 1bba2c9913
parent 85cc13b607
1 changed files with 1 additions and 1 deletions
--- a/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
+++ b/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
@ -119,7 +119,7 @@ final class DifferentialRevisionCommentView extends AphrontView {
        $inline_render[] =
          '<tr>'.
            '<th colspan="2">'.
-              $changeset->getFileName().
+              phutil_escape_html($changeset->getFileName()).
            '</th>'.
          '</tr>';
        foreach ($inlines as $inline) {