This repository was archived by the owner on Apr 29, 2019. It is now read-only.

Commit d61dcee

committed
MAGETWO-83574: Major arbitrary JavaScript code execution in adminhtml
1 parent 2028ccd commit d61dcee


3 files changed

+10
-1
lines changed


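--- a/app/code/Magento/Ui/view/base/web/js/form/components/html.js
+++ b/app/code/Magento/Ui/view/base/web/js/form/components/html.js
@@ -20,7 +20,10 @@ define([
 loading: false,
 visible: true,
 template: 'ui/content/content',
-additionalClasses: {}
+additionalClasses: {},
+ignoreTmpls: {
+content: true
+}
 },
 
 /**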
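Review bot: The added `ignoreTmpls` entry in the `defaults` of html.js has no comment saying why `content` is exempt, so a later cleanup could remove it and reopen MAGETWO-83574 without anyone noticing. Going by the key name and the commit title, it presumably stops `${ ... }` template expansion on a property that can hold externally supplied markup; a line such as `// content may carry untrusted markup: never expand ${ } templates in it` above the key would record that. The same comment is missing on the `data: true` entries added in form/provider.js and grid/provider.js. None of the three changed files is a test, so a regression check that a `content` or `data` value containing template syntax reaches the component unexpanded would pin the fix. The `defaults` object starts above this hunk.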

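--- a/app/code/Magento/Ui/view/base/web/js/form/provider.js
+++ b/app/code/Magento/Ui/view/base/web/js/form/provider.js
@@ -21,6 +21,9 @@ define([
 save: '${ $.submit_url }',
 beforeSave: '${ $.validate_url }'
 }
+},
+ignoreTmpls: {
+data: true
 }
 },
 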
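--- a/app/code/Magento/Ui/view/base/web/js/grid/provider.js
+++ b/app/code/Magento/Ui/view/base/web/js/grid/provider.js
@@ -30,6 +30,9 @@ define([
 listens: {
 params: 'onParamsChange',
 requestConfig: 'updateRequestConfig'
+},
+ignoreTmpls: {
+data: true
 }
 },
 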