php · symfony/ux-live-component · Heads-up
symfony/ux-live-component: ChildComponentPartialRenderer validates $childTag against strict HTML tag regex
What changed
ChildComponentPartialRenderer now validates $childTag against a strict HTML tag-name regex before interpolating it, rejecting invalid values.
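The kind of check described above, as an added example that is not the project's code or the actual patch. The function name, the `data-live-id` attribute and the exact regex are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical pattern: an ASCII letter first, then letters, digits or hyphens
// (hyphens permit custom elements). The project's actual regex may differ.
// \A and \z anchor the whole string; "$" would accept a trailing newline.
const TAG_NAME_PATTERN = '/\A[a-zA-Z][a-zA-Z0-9-]*\z/';

/**
 * Hypothetical helper: build the placeholder element for a child component.
 * A tag name cannot be escaped into safety, so it is validated and rejected;
 * the attribute value is escaped for the attribute context instead.
 */
function renderChildPlaceholder(string $childTag, string $liveId): string
{
    if (1 !== preg_match(TAG_NAME_PATTERN, $childTag)) {
        throw new InvalidArgumentException('Invalid child tag name.');
    }

    return sprintf(
        '<%1$s data-live-id="%2$s"></%1$s>',
        $childTag,
        htmlspecialchars($liveId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}

// Constructed sample inputs: two valid tag names, then values that would
// alter the markup structure if they were interpolated unchecked.
foreach (['div', 'my-widget', 'div class="x"', 'div><span', '', "div\n"] as $tag) {
    try {
        echo renderChildPlaceholder($tag, 'live-123'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", json_encode($tag), $e->getMessage());
    }
}
```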
Who it affects
Applications using symfony/ux-live-component with child components, especially those with relaxed CORS or same-origin XSS vulnerabilities.
What to do today
Apply the patch from commit fbc5e9a1bda7e4556be21bb1d970f382760ed9a9 or update to a fixed version.