Prevent arbritary js code from beign returned from the database

Signed-off-by: Adam Warner <[email protected]>
paul-man · Aug 4, 2021 · 8066069 · 8066069
1 parent 7e602e0
commit 8066069
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/scripts/pi-hole/php/groups.php b/scripts/pi-hole/php/groups.php
@@ -510,6 +510,9 @@ function JSON_error($message = null)
  $res['domain'] = $utf8_domain.' ('.$res['domain'].')';
  }
  }
+ // Prevent domain and comment fields from returning any arbitary javascript code which could be executed on the browser.
+ $res['domain'] = htmlentities($res['domain']);
+ $res['comment'] = htmlentities($res['comment']);
  array_push($data, $res);
  }