Custom field inputs non-sanitized

Started by balai, October 27, 2015, 13:02:20 PM

balai

I tried entering some scripts or HTML as values in string custom fields and they are entered normally.

I suppose that since they are simple strings such characters should be cleaned.

Also noticed that they are displayed in the front-end without being cleaned or encoded either.

Milbo

Because you are admin. Check the same as non admin, or take a look in the ACL to get the difference.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/