Ensures the cleaned value isn't double html encoded

Shannon
2016-12-05 17:21:24 +11:00
parent 90f30c3f3c
commit 4823235bf5


@@ -63,7 +63,12 @@ namespace Umbraco.Web.PropertyEditors
var json = editorValue.Value as JArray;
return json == null
? null
: json.Select(x => x.Value<string>()).Where(x => x.IsNullOrWhiteSpace() == false).Select(WebUtility.HtmlEncode);
: json.Select(x => x.Value<string>()).Where(x => x.IsNullOrWhiteSpace() == false)
//First we will decode it as html because we know that if this is not a malicious post that the value is
// already Html encoded by the tags JavaScript controller. Then we'll re-Html Encode it to ensure that in case this
// is a malicious post (i.e. someone is submitting data manually by modifying the request).
.Select(WebUtility.HtmlDecode)
.Select(WebUtility.HtmlEncode);
}
/// <summary>
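Review bot: The blank-tag filter runs before the new `HtmlDecode` step, so a manually posted value that is non-blank only in its encoded form (an entity-encoded space, for example) passes the `Where` and is then decoded to whitespace, which `HtmlEncode` leaves in place or re-encodes as an entity. Filtering after the decode closes that gap: `.Select(WebUtility.HtmlDecode).Where(x => x.IsNullOrWhiteSpace() == false).Select(WebUtility.HtmlEncode)`. The added comment also stops mid-sentence after "in case this is a malicious post (...)"; it could end with `// ...so that raw markup in a hand-crafted request is still stored encoded.` Because the stored value is HTML-encoded, consumers that encode again on output would double-encode it, which is worth stating in the method's doc comment. The enclosing method starts outside the hunk, so the caller-side handling of a `null` return is not visible here.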