From 6bdbd673cd15ea4c32d4a3ae66c7a4dc72dca628 Mon Sep 17 00:00:00 2001 From: "yair.ansbacher" Date: Tue, 26 May 2020 15:05:26 +0300 Subject: [PATCH] fix(FEC-10103): escape quotes with htmlspecialchars() (#4159) --- mwEmbedLoader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mwEmbedLoader.php b/mwEmbedLoader.php index 863b24c44a..ac03b6b029 100644 --- a/mwEmbedLoader.php +++ b/mwEmbedLoader.php @@ -105,7 +105,7 @@ function output(){ // check for non-fatal errors: if( $this->getError() ){ - echo "if( console ){ console.log('" . json_encode($this->getError()) . "'); }"; + echo "if( console ){ console.log('" . json_encode(htmlspecialchars( is_string($this->getError()) ? $this->getError() : json_encode($this->getError()), ENT_QUOTES)) . "'); }"; } // output the script output echo $o;