php · filament/forms · Critical
filament/forms: Disabled RichEditor field XSS in v3
What changed
In Filament v3, a disabled RichEditor field renders raw HTML without sanitization, enabling stored XSS.
Who it affects
Users of Filament v3 with disabled RichEditor fields containing unsanitized data.
What to do today
Upgrade to Filament v4 or sanitize data before filling form state.
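Added example, not Filament's own code: an allowlist HTML sanitizer run from the Filament v3 `EditRecord` hook `mutateFormDataBeforeFill`, so the stored HTML is cleaned before it reaches the form state that a disabled RichEditor renders raw. The helper name, the tag allowlist, the `content` field and `PostResource` are assumptions.

```php
<?php
// Added example, not Filament's own code: allowlist-sanitize stored HTML in the
// Filament v3 EditRecord hook `mutateFormDataBeforeFill`, so a disabled RichEditor
// (which renders state raw in v3) never receives hostile markup. Assumptions:
// helper name, allowlist, the `content` field name and `PostResource`.
use Filament\Resources\Pages\EditRecord;

function sanitizeRichHtml(string $html): string
{
    $allowed = ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li', 'a', 'h2', 'h3', 'blockquote'];
    $dropWithContent = ['script', 'style', 'iframe', 'object', 'embed', 'svg'];
    $doc = new DOMDocument();
    // Encoding hint keeps UTF-8 intact; parser warnings for sloppy input are suppressed.
    @$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    // Snapshot the list first: removing nodes while walking the live list skips siblings.
    foreach (iterator_to_array($doc->getElementsByTagName('*'), false) as $el) {
        $tag = strtolower($el->tagName);
        if ($tag === 'body') continue;
        if (in_array($tag, $dropWithContent, true)) {
            $el->parentNode?->removeChild($el);
        } elseif (!in_array($tag, $allowed, true)) {
            // Unknown tag: keep its children, drop the wrapper element.
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            // Strip every attribute (on* handlers, style, ...) except a safe href on <a>.
            foreach (iterator_to_array($el->attributes) as $attr) {
                $safeHref = $tag === 'a' && strtolower($attr->name) === 'href'
                    && preg_match('#^(https?:|mailto:|/|\#)#i', trim($attr->value));
                if (!$safeHref) $el->removeAttribute($attr->name);
            }
        }
    }
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}
class EditPost extends EditRecord
{
    protected static string $resource = PostResource::class;
    protected function mutateFormDataBeforeFill(array $data): array
    {
        $data['content'] = sanitizeRichHtml((string) ($data['content'] ?? ''));
        return $data;
    }
}
```

Feeding `<p onclick="x">hi</p><script>evil()</script><a href="javascript:1">l</a>` through `sanitizeRichHtml` yields `<p>hi</p><a>l</a>`, which is what the disabled field will then render.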