Details
-
Bug
-
Resolution: Fixed
-
Critical
-
4.12.2
-
None
-
None
-
Informal
-
Security
Description
The rendering of names provided as values for the select parameter are rendered as specified. They must be encoded.
Other than for the template use case there is no use case for having HTML code in this case. Therefore the strict HTML encoding system property must not be applied here.
