fix: Allow html but not script, head and html tags in notes widget #4898 (#5006)

2024-10-07 16:52:45 +00:00 · 2016-11-26 20:54:49 +00:00
parent 3e2288404e
commit 78f5c26cd6
379 changed files with 33730 additions and 3 deletions
--- a/html/includes/common/notes.inc.php
+++ b/html/includes/common/notes.inc.php
@@ -33,5 +33,5 @@ if (defined('SHOW_SETTINGS') || empty($widget_settings)) {
        </div>
    </form>';
 } else {
-    $common_output[] = stripslashes(nl2br(htmlentities($widget_settings['notes'])));
+    $common_output[] = nl2br(display($widget_settings['notes']));
 }