Describe the bug
If a user enters something unsavoury, like <script>, or even:
<script>
alert("Breaking your site");
</script>
It seems to break things. That specific example, on a {{ title }} text input field redirected me to /!/Workshop/entryUpdate with a 403 error.
Using strip_tags isn’t beneficial as this is happening on an input rather than output.
Expected behavior
Expect input to be stripped of HTML tags.
Environment details:
- Workshop Version: 1.1.3
- Statamic Version: 2.11.20
- Fresh Install or Upgrade: No
- OS: macOS 10.15.4
- Browser: Any
- Web Server: Apache
- PHP Version: 7.2
Describe the bug
If a user enters something unsavoury, like
<script>, or even:It seems to break things. That specific example, on a
{{ title }}text input field redirected me to/!/Workshop/entryUpdatewith a 403 error.Using
strip_tagsisn’t beneficial as this is happening on an input rather than output.Expected behavior
Expect input to be stripped of HTML tags.
Environment details: