Skip to content

Commit cb75965

Browse files
brandonkellybrandonkelly
committed
Merge branch '4.x' of https://github.com/craftcms/cms into 5.x
2 parents 1adddfe + 1d7ba72 commit cb75965

File tree

2 files changed

+3
-2
lines changed

2 files changed

+3
-2
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
- Fixed an SSRF vulnerability. (GHSA-96pq-hxpw-rgh8)
2020
- Fixed an XSS vulnerability. (GHSA-7pr4-wx9w-mqwr)
2121
- Fixed a SQL injection vulnerability. (GHSA-2453-mppf-46cj)
22+
- Fixed an XSS vulnerability. (GHSA-9f5h-mmq6-2x78)
2223

2324
## 5.8.21 - 2025-12-04
2425

src/templates/_components/fieldtypes/Number/input.twig

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@
2525
<div class="flex">
2626
{% if hasPrefix %}
2727
<div aria-hidden="true">
28-
{{ prefix|t('site')|md(inlineOnly=true)|raw }}
28+
{{ prefix|t('site')|md(inlineOnly=true,encode=true)|raw }}
2929
</div>
3030
{% endif %}
3131
<div>
@@ -42,7 +42,7 @@
4242
</div>
4343
{% if hasSuffix %}
4444
<div aria-hidden="true">
45-
{{ suffix|t('site')|md(inlineOnly=true)|raw }}
45+
{{ suffix|t('site')|md(inlineOnly=true,encode=true)|raw }}
4646
</div>
4747
{% endif %}
4848
</div>

0 commit comments

Comments
 (0)