This document contains information about a future release and not the current stable version (3.1).
Be aware that information on this page may change and API's may not be stable for production use.
Security: XSS in CMS "Security" section (SS-2013-007)
Security: XSS in form validation errors (SS-2013-008)
Security: XSS in CMS "Pages" section (SS-2013-009)
API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in
Form->sessionMessage(), and consequently