Using the TOS checkbox on a form creates an XSS issue. This is due to the fact that the TOS has an anchor that is wrapped around the label with an unsanitized URL (line 2190):
$tos_link_tag = "<a href=\"#\" onClick=\"window.open('" . $tos_link_url . "','tos');\">";
Also, creating an anchor on a label is highly inaccessible.
Recommend reviewing this functionality. Have had to update this to sanitize the URL:
$tos_link_tag = "<a href=\"#\" onClick=\"window.open('" . sanitize_url($tos_link_url) . "','tos');\">";
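The URL in this tag sits inside a JavaScript string that is itself inside an HTML attribute, so it passes through two parsers. The sketch below is an added example, not part of the original post or the plugin's code: it assumes plain PHP without WordPress, the function names `tos_allowed_url` and `build_tos_link_tag` are hypothetical, and the sample URLs are constructed.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function tos_allowed_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    // Allowlist, not blocklist: anything that is not http/https is refused.
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Build the opening anchor tag with the URL escaped for both contexts. */
function build_tos_link_tag(string $tos_link_url): string
{
    $url = tos_allowed_url($tos_link_url);
    if ($url === null) {
        return '<a href="#">'; // refuse to emit a handler for a bad URL
    }
    // Layer 1: JavaScript string literal. The HEX flags turn ' " < > &
    // into \uXXXX escapes, so the value cannot end the string early.
    $js = json_encode(
        $url,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES
    );
    if ($js === false) {
        return '<a href="#">'; // e.g. invalid UTF-8 in the URL
    }
    // Layer 2: HTML attribute value. Escapes the literal's own quotes so
    // the value cannot close the onclick attribute.
    $handler = htmlspecialchars(
        "window.open($js,'tos');return false;",
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<a href="#" onclick="' . $handler . '">';
}

// Constructed inputs: a normal URL, one containing characters that would
// break out of the string or attribute, and a non-http scheme.
$samples = [
    'https://example.test/terms',
    'https://example.test/tos\'x"y<z',
    'javascript:void(0)',
];
foreach ($samples as $sample) {
    echo build_tos_link_tag($sample), PHP_EOL;
}
```

In WordPress code, `esc_url_raw()` with an allowed-protocols list and `esc_js()`, which is intended for inline handlers in tag attributes, play the same roles.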