Omega does not properly escape the site_name variable when it uses it for the alt or title attributes in the $logo_img and $linked_logo_img template variables.

This means that if a site_name has any HTML code in it, rendering the logo image in the page could render undesired (e.g. XSS) HTML code.

Patch coming below.


jwilson3’s picture

Status: Active » Needs review
7.59 KB

This patch also cleans up a bunch of whitespace issues in the template.php file.

fubhy’s picture

Status: Needs review » Fixed

Committed. Thanks

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.
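
The escaping problem reported at the top of this issue, shown as an added example; it is not Omega's template.php and not the patch attached here. The helper names and the sample site name are constructed for illustration, and `htmlspecialchars()` with `ENT_QUOTES` stands in for Drupal 7's `check_plain()`, which wraps that same call.

```php
<?php
// Added illustration: hypothetical helpers, not code from the Omega theme.

// Before: site_name is concatenated into alt/title without encoding.
function build_logo_img_unescaped($logo_url, $site_name) {
  return '<img src="' . $logo_url . '" alt="' . $site_name
    . '" title="' . $site_name . '" id="logo" />';
}

// After: encode every value for the HTML attribute context.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function build_logo_img_escaped($logo_url, $site_name) {
  $src  = htmlspecialchars($logo_url, ENT_QUOTES, 'UTF-8');
  $name = htmlspecialchars($site_name, ENT_QUOTES, 'UTF-8');
  return '<img src="' . $src . '" alt="' . $name
    . '" title="' . $name . '" id="logo" />';
}

// Parse the markup the way a browser would and list the attributes that
// actually end up on the <img> element.
function img_attribute_names($html) {
  libxml_use_internal_errors(true);   // duplicate attributes raise warnings
  $doc = new DOMDocument();
  $doc->loadHTML($html);
  libxml_clear_errors();
  $names = array();
  $img = $doc->getElementsByTagName('img')->item(0);
  foreach ($img->attributes as $attr) {
    $names[] = $attr->name;
  }
  return $names;
}

// Constructed sample: a site name containing a double quote.
$site_name = 'Acme" data-injected="1';
$logo_url  = '/sites/default/files/logo.png';

$before = build_logo_img_unescaped($logo_url, $site_name);
$after  = build_logo_img_escaped($logo_url, $site_name);

// The unescaped tag gains an attribute the theme never wrote;
// the escaped tag keeps exactly src, alt, title and id.
echo $before, "\n  attributes: ", implode(', ', img_attribute_names($before)), "\n";
echo $after,  "\n  attributes: ", implode(', ', img_attribute_names($after)),  "\n";
```

Comparing the parsed attribute list against the expected set is also a quick regression check for any theme function that assembles tags by string concatenation.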