Escaping content for prevention of XSS attacks.

codeigniter4 · Jul 18, 2024 · 1829443 · 1829443
1 parent ba9ee48
commit 1829443
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Views/magic_link_form.php b/src/Views/magic_link_form.php
@@ -10,12 +10,12 @@
             <h5 class="card-title mb-5"><?= lang('Auth.useMagicLink') ?></h5>
 
                 <?php if (session('error') !== null) : ?>
-                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                    <div class="alert alert-danger" role="alert"><?= esc(session('error')) ?></div>
                 <?php elseif (session('errors') !== null) : ?>
                     <div class="alert alert-danger" role="alert">
                         <?php if (is_array(session('errors'))) : ?>
                             <?php foreach (session('errors') as $error) : ?>
-                                <?= $error ?>
+                                <?= esc($error) ?>
                                 <br>
                             <?php endforeach ?>
                         <?php else : ?>