- Issue created by @prudloff
- Status changed to Needs review
9 months ago 8:58am 12 March 2024 - Status changed to Needs work
9 months ago 5:58pm 12 March 2024 - 🇫🇷France prudloff Lille
The Html class is not called correctly (the namespace is missing):
Class "Drupal\facets_autocomplete\Plugin\facets\widget\Html" not found - Status changed to Needs review
9 months ago 4:26am 13 March 2024 - 🇫🇷France prudloff Lille
This fixes the vulnerability but redirects to
/undefinedwhen selecting a value.
I think this happens because inautocomplete-widget.jsthis.getElementsByTagName("input")[0].valuegets the value as unescaped HTML and then tries to use it as key for the URL array where it is escaped.I don't think you need to escape the
$automplete_urlskey. - First commit to issue fork.
- last update
6 months ago 1 pass - Status changed to Fixed
6 months ago 10:40am 27 June 2024 - 🇧🇪Belgium brentg Ghent
Implement the fix with the comments to fix the undefined.
There's a small issue still that I create an extra ticket for on #3457555
Automatically closed - issue fixed for 2 weeks with no activity.