- Issue created by @mr.baileys
- 🇮🇳India sdhruvi5142
The proposed solution correctly addresses the XSS vulnerability by sanitizing the notification message with Xss::filterAdmin(). Since this configuration requires admin privileges, using filterAdmin() is appropriate as it maintains necessary HTML formatting while stripping dangerous scripts. I've verified the fix by testing with various payloads (including tags and HTML attributes) and confirmed it prevents execution while preserving legitimate markup. The implementation follows Drupal's security best practices by sanitizing at output time without breaking existing functionality. Moving this to RTBC, but creating a new issue for fixing the PHPCS issues and warnings showing up in the pipeline: #3515975 🐛 PHPCS Issues Active
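The comment above describes the fix only in words. The following is an added example (my own code, not the issue's patch or the module's code) that puts the vulnerable output path next to the Xss::filterAdmin() path and the stricter alternatives, so the difference can be seen on concrete payloads. It assumes only that the Drupal\Component\Utility classes are autoloadable (for instance via `composer require drupal/core-utility` outside a full Drupal install); the function name render_notification() and the payload strings are constructed for this example.

```php
<?php
// Added example, not the issue's patch. Assumes Drupal\Component\Utility is
// autoloadable, e.g. after `composer require drupal/core-utility`, then run
// with `php sanitize_notification.php`. Function and payload names are mine.

require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;

/**
 * The pattern under review: a message string that an administrator typed into
 * configuration is later written into the page as HTML.
 *
 * 'raw' is the vulnerable variant (stored markup is emitted unchanged).
 * 'admin' is the fix from the issue: Xss::filterAdmin() keeps the long admin
 * tag list (p, img, table, div, ...) but removes script-bearing tags,
 * on* event-handler attributes and javascript: URLs.
 * 'strict' uses Xss::filter() with its short default tag list; that is the
 * right choice when the text does not come from a trusted administrator.
 * 'escape' keeps no markup at all.
 */
function render_notification(string $message, string $mode): string {
  switch ($mode) {
    case 'raw':
      // Vulnerable: whatever was saved in config reaches the browser as-is.
      return $message;

    case 'admin':
      // The fix: admin-level HTML survives, script vectors do not.
      return Xss::filterAdmin($message);

    case 'strict':
      // Default allow-list only (a, em, strong, cite, blockquote, code,
      // ul, ol, li, dl, dt, dd); img and table markup is dropped.
      return Xss::filter($message);

    case 'escape':
      // Plain-text rendering: every '<' becomes '&lt;'.
      return Html::escape($message);
  }
  throw new InvalidArgumentException("Unknown mode: $mode");
}

// Constructed payloads, one per vector a reviewer would try.
$payloads = [
  'benign'  => 'Maintenance <strong>tonight</strong> at <em>22:00</em>.',
  // Disallowed tag: the <script> element is removed; its inner text remains
  // as harmless text, which is expected behaviour of the filter.
  'script'  => 'Hello <script>alert(document.cookie)</script>',
  // Allowed tag, dangerous attribute: <img> stays, onerror is stripped.
  'handler' => '<img src="x" onerror="alert(1)">',
  // Allowed tag, dangerous URL scheme: the javascript: protocol is removed.
  'js_url'  => '<a href="javascript:alert(1)">click</a>',
  // Admin-only markup: kept by filterAdmin(), removed by filter().
  'table'   => '<table><tr><td>cell</td></tr></table>',
];

foreach ($payloads as $name => $payload) {
  foreach (['raw', 'admin', 'strict', 'escape'] as $mode) {
    printf("%-8s %-7s %s\n", $name, $mode, render_notification($payload, $mode));
  }
  echo "\n";
}
```

Two points worth checking when reviewing a fix like this in a module: the sanitized string must not subsequently be wrapped in Markup::create() or printed with Twig's `|raw`, since both mark the value as safe without filtering it; and filterAdmin() is only appropriate because the page confirms the setting is editable solely by administrators, otherwise Xss::filter() or escaping is the correct call.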