Commit 20106171 authored by Dries's avatar Dries
Browse files

- Patch #864584 by cwgordon7: filter format names not properly escaped.

parent 1d48f07f
......@@ -1075,7 +1075,7 @@ function theme_filter_tips_more_info() {
function theme_filter_guidelines($variables) {
$format = $variables['format'];
$name = isset($format->name) ? '<label>' . $format->name . ':</label>' : '';
$name = isset($format->name) ? '<label>' . check_plain($format->name) . ':</label>' : '';
$attributes['class'][] = 'filter-guidelines-item';
$attributes['class'][] = 'filter-guidelines-' . $format->format;
return '<div' . drupal_attributes($attributes) . '>' . $name . theme('filter_tips', array('tips' => _filter_tips($format->format, FALSE))) . '</div>';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment