Merge pull request #1859 from alexxn/dev-v7

Add basic xss prevention logic
2017-04-21 13:05:40 +10:00
parent 62af834176 de9739118e
commit da8c46e426
1 changed files with 1 additions and 1 deletions
--- a/src/Umbraco.Web.UI/umbraco/users/PermissionEditor.aspx
+++ b/src/Umbraco.Web.UI/umbraco/users/PermissionEditor.aspx
@@ -27,7 +27,7 @@
 			<script type="text/javascript" language="javascript">				
 				jQuery(document).ready(function() {
 					jQuery("#<%=JTree.ClientID%>").PermissionsEditor({
-						userId: <%=Request.QueryString["id"] %>,
+						userId: <%=Request.CleanForXss("id") %>,
 						pPanelSelector: "#permissionsPanel",
 						replacePChkBoxSelector: "#chkChildPermissions"});						
 				});