Description
Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe.
Resolution
Symfony now escapes the output of the affected filters.
The patch for this issue is available here for branch 4.4.
Credits
We would like to thank Pierre Rudloff for reporting the issue and to Nicolas Grekas for providing the fix.
Description
Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe.
Resolution
Symfony now escapes the output of the affected filters.
The patch for this issue is available here for branch 4.4.
Credits
We would like to thank Pierre Rudloff for reporting the issue and to Nicolas Grekas for providing the fix.