Merge pull request #2485 from bigcommerce/BCTHEME-1985

fix(storefront): BCTHEME-1985 Fix stored XSS within company address field
bigcommerce · Oct 1, 2024 · f9f00f8 · f9f00f8
2 parents 09307e1 + d765674
commit f9f00f8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Account.js - Fixed jquery selector to be template literal [#2464](https://github.com/bigcommerce/cornerstone/pull/2464)
 - Address deprecated jQuery methods [#2466](https://github.com/bigcommerce/cornerstone/pull/2466)
 - Load other font weights and styles for the body-font [#2396](https://github.com/bigcommerce/cornerstone/pull/2396)
+- Stored XSS within company address field [#2485](https://github.com/bigcommerce/cornerstone/pull/2485)
 
 ## 6.14.0 (05-15-2024)
 - Account.php <a href> is inside of a list item [#2457](https://github.com/bigcommerce/cornerstone/pull/2457)

diff --git a/templates/components/account/address-list.html b/templates/components/account/address-list.html
@@ -9,7 +9,7 @@
                 <div class="panel-body">
                     <h5 class="address-title">{{first_name}} {{last_name}}</h5>
                     <ul class="address-details address-details--postal">
-                        <li>{{{company}}}</li>
+                        <li>{{company}}</li>
                         <li>{{address1}}</li>
                         <li>{{address2}}</li>
                         <li>{{city}}{{#if state}}, {{state}}{{/if}} {{zip}}</li>