Merge pull request #13 from prajapati-kaushik/7094-protect-against-xss

joostfaassen · web-flow · commit 16ffdc1625c5 · 2023-02-21T16:29:55.000+01:00
perf: protect against xss #7094
diff --git a/src/Services/FieldResolver.php b/src/Services/FieldResolver.php
@@ -103,6 +103,11 @@ public function resolve($source, $args, $context, ResolveInfo $info)
             }
         }
 
+        if (!empty($fieldConfig['sanitize'])) {
+            $value = $property ?? '';
+            return htmlspecialchars($value);
+        }
+
         return $property instanceof \Closure ? $property($source, $args, $context) : $property;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,11 @@ public function resolve($source, $args, $context, ResolveInfo $info)`
`103`	`103`	`}`
`104`	`104`	`}`
`105`	`105`
	`106`	`+ if (!empty($fieldConfig['sanitize'])) {`
	`107`	`+ $value = $property ?? '';`
	`108`	`+ return htmlspecialchars($value);`
	`109`	`+ }`
	`110`	`+`
`106`	`111`	`return $property instanceof \Closure ? $property($source, $args, $context) : $property;`
`107`	`112`	`}`
`108`	`113`	`}`