fix(storefront): BCTHEME-1072 Stored XSS within Wishlist creation (#2289

)
bigcommerce · Dec 7, 2022 · 57ef520 · 57ef520
1 parent 08b3d9d
commit 57ef520
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Draft
+- Stored XSS within Wishlist creation.[#2289](https://github.com/bigcommerce/cornerstone/issues/2289)
 - Set "Show quick payment buttons" setting to true by default [#2283]https://github.com/bigcommerce/cornerstone/pull/2283
 - Fixed en-CA translation warning in terminal. [#2278][https://github.com/bigcommerce/cornerstone/pull/2278]
 - Added manual captcha to Contact Us form for additional spam protection. [#2290](https://github.com/bigcommerce/cornerstone/pull/2290)

diff --git a/templates/components/account/wishlist-list.html b/templates/components/account/wishlist-list.html
@@ -10,7 +10,7 @@
     <tbody class="table-tbody">
     {{#each customer.wishlists}}
         <tr>
-            <td><a href="{{view_url}}">{{{name}}}</a></td>
+            <td><a href="{{view_url}}">{{name}}</a></td>
             <td>{{num_items}}</td>
             <td>
                 {{#if is_public }}