Allan Simon
here I really think it's a bug, because TextField::setFormatValue is safe by default, while associationField::setFormatValue is not
@javiereguiluz do you agree with me here (so that I know if it's worth it to fix the PR)?
Hello, my neovim is running inside a dockerized environment (so without X), so the same as it possible to get tabnine hub opening by doing port redirection, is there...
@OskarStark I see this the same way as having twig that by default escapes html, which could be done in userland too, i.e. it's about providing the user with safe...
yes, looking to the schedule, 8.0 is fine, sorry if my wording above was implying I wanted it in 7.0 at all cost. I edited my initial issue for clarity.
I agree with you, I may add I think it is important as even OWASP and CWE have a code for it https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html https://cwe.mitre.org/data/definitions/601.html 601 which maps to the...
> AbstractController::redirect() is a thin wrapper to make the functionality behind RedirectResponse discoverable. I'd strongly advise against loading additional logic into that utility method.

fair enough, as otherwise one...
> I mean, if you want to give it a shot, create a PR for Symfony that adds such a listener

I think I will try to give it a...
@stof @OskarStark in the light of @derrabus's advice, I've revamped my proposition, I've also addressed your comments on 1. BC break (it now could be introduced in a non-breaking way...