This document contains information for an outdated version (3.0) and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.



Security: XSS in form validation errors (SS-2013-008)

See announcement

Security: XSS in CMS "Pages" section (SS-2013-009)

See announcement

API: Form validation messages no longer allow HTML

Due to cross-site scripting concerns when user data is used for form messages, it is no longer possible to use HTML in Form->sessionMessage(), and consequently in the FormField->validate() API.
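
A sketch of what the change means for project code, as an added example that is not taken from the SilverStripe code base or this changelog. The class names `UsernameField` and `SignupPage_Controller`, the action `doSignup`, and the message wording are hypothetical; `validate()`, `validationError()`, `sessionMessage()` and `redirectBack()` are the framework's existing methods.

```php
<?php
// Hypothetical custom field (added example, not framework code).
class UsernameField extends TextField {

	public function validate($validator) {
		if(!preg_match('/^[a-z0-9_]{3,20}$/i', $this->value)) {
			// Pattern that no longer works: markup wrapped around submitted data.
			//   '<strong>' . $this->value . '</strong> is not a valid username'
			// The message is now plain text, so pass it without tags.
			$validator->validationError(
				$this->name,
				'Usernames may contain 3 to 20 letters, digits or underscores.',
				'validation'
			);
			return false;
		}
		return true;
	}
}

// Hypothetical controller with a form action (added example).
class SignupPage_Controller extends Page_Controller {

	public function doSignup($data, $form) {
		// Pattern that no longer works: an HTML link inside the message.
		//   'Saved. <a href="/account">View your account</a>'
		// Keep the message as text; put links in the template instead.
		$form->sessionMessage('Your details were saved.', 'good');
		return $this->redirectBack();
	}
}
```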