Skip to content

Commit b21663f

Browse files
AngelFQCAngelFQC
committed
Course description: Remove XSS when showing title
See advisory GHSA-p32q-6gh3-3gcv
1 parent 3534fec commit b21663f

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

main/inc/lib/course.lib.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3481,7 +3481,7 @@ public static function get_details_course_description_html(
34813481
);
34823482
$data .= '</a> ';
34833483
}
3484-
$data .= $description->getTitle();
3484+
$data .= Security::remove_XSS($description->getTitle());
34853485
$data .= '</div>';
34863486
$data .= '<div class="sectioncomment">';
34873487
$data .= Security::remove_XSS($description->getContent());

0 commit comments

Comments
 (0)