escape to inputs
-
Hi
I had an issue with the plugin on input field there is no escape and than in firefox When some one insert in the user name :
\” onmouseover=prompt(654654) //and submit it on input hover alert will show up.
I added an esc_attr function on the inputs.
If you can add esc_attr to all attr will be very helpful$username val = esc_attr(((isset($_POST[‘log’]) && !empty($_POST[‘log’]))?$_POST[‘log’]:””));
Thanks
Andrew
- The topic ‘escape to inputs’ is closed to new replies.