Remove FORM tags from HTML when editing threads - GHSA-985r-6qfc-hg8m

freescout-help-desk · May 5, 2024 · ce5c85f · ce5c85f
1 parent 2614514
commit ce5c85f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/Http/Controllers/ConversationsController.php b/app/Http/Controllers/ConversationsController.php
@@ -1960,6 +1960,7 @@ public function ajax(Request $request)
                         'thread' => $thread
                     ];
                     $response['html'] = \View::make('conversations/partials/edit_thread')->with($data)->render();
+                    $response['html'] = \Helper::stripDangerousTags($response['html']);
 
                     $response['status'] = 'success';
                 }