
Using h() to encode validation messages

Jeremy Harris 8 years ago
parent
commit
fcdd37f765
1 changed files with 1 additions and 1 deletions
  1. 1 1
      src/View/Helper/FormHelper.php

+ 1 - 1
src/View/Helper/FormHelper.php

@@ -1437,7 +1437,7 @@ class FormHelper extends Helper
 
         $message = $context->getRequiredMessage($fieldName);
         if ($options['required'] && $message && $this->getConfig('useValidationMessages')) {
-            $message = htmlspecialchars(addslashes($message));
+            $message = h(addslashes($message));
             $options['oninvalid'] = "this.setCustomValidity('$message')";
             $options['onvalid'] = "this.setCustomValidity('')";
         }
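Review bot: `addslashes()` on the new L21 is still not a JavaScript string escaper, so a message containing a newline (or U+2028/U+2029) would terminate the single-quoted literal inside `this.setCustomValidity('…')` even though `h()` now handles the HTML-attribute layer correctly. Since required messages can come from translations or application configuration, the safer form is to let `json_encode` build the JS literal and HTML-escape the result: `$message = h(json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT));` followed by `$options['oninvalid'] = "this.setCustomValidity($message)";`. If the attribute renderer later escapes `$options` values again, the `h()` call here would double-encode entities such as `&` — worth confirming against the templater rather than assuming. The enclosing method starts and ends outside this hunk.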