symfony/ux-autocomplete
php · symfony/ux-autocompleteHeads-up
symfony/ux-autocomplete: LIKE wildcard injection fix in EntitySearchUtil
EntitySearchUtil now escapes LIKE wildcards (% and _) and backslash in user-supplied queries, and adds an explicit ESCAPE clause t
20 Jun 2026 · schedule it
php · symfony/ux-autocompleteHeads-up
symfony/ux-autocomplete: Stimulus controller now escapes text field by default to prevent XSS
The Stimulus controller in symfony/ux-autocomplete now HTML-escapes the `text` field in AJAX response items by default, preventing
20 Jun 2026 · schedule it