0084d336
 Administrator
Importers CRUD
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# 3.0.7
## Overview
### Security: XSS in form validation errors (SS-2013-008)
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
### Security: XSS in CMS "Pages" section (SS-2013-009)
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
### API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
in the `FormField->validate()` API.
## Changelog
### Bugfixes
* 2013-09-24 [114fb59](https://github.com/silverstripe/sapphire/commit/114fb59) Auto-escape titles in TreeDropdownField (Ingo Schommer)
* 2013-09-24 [e170f4c](https://github.com/silverstripe/silverstripe-cms/commit/e170f4c) Escaping in "dependent pages" (SS-2013-009) (Ingo Schommer)
* 2013-09-20 [b383a07](https://github.com/silverstripe/sapphire/commit/b383a07) Fixing tabindex added to CreditCardField when tabindex is NULL (Sean Harvey)
* 2013-09-20 [c453ea3](https://github.com/silverstripe/sapphire/commit/c453ea3) Fixing tabindex added to CreditCardField when tabindex is NULL (Sean Harvey)
|
