Merge pull request #1857 from pi-hole/master

Sync Master -> Dev
2026-04-21 01:10:19 +01:00 · 2021-08-04 20:21:44 +01:00
parent 68034029b7 fb9bd561fd
commit dacdb3d72c
2 changed files with 5 additions and 2 deletions
--- a/scripts/pi-hole/php/groups.php
+++ b/scripts/pi-hole/php/groups.php
@@ -546,6 +546,9 @@ if ($_POST['action'] == 'get_groups') {
                    $res['domain'] = $utf8_domain.' ('.$res['domain'].')';
                }
            }
+            // Prevent domain and comment fields from returning any arbitary javascript code which could be executed on the browser.
+            $res['domain'] = htmlentities($res['domain']);
+            $res['comment'] = htmlentities($res['comment']);
            array_push($data, $res);
        }