ZF-11737: Zend_Dojo_View_Helper_Textarea does not escape value
Zend_Dojo_View_Helper_Textarea does not escape its value by default as other view helpers do. This could lead to a potential security leak.
I would expect this helper to function as:
--- library/Zend/Dojo/View/Helper/Textarea.php (revision 28557) +++ library/Zend/Dojo/View/Helper/Textarea.php (working copy) @@ -72,7 +72,7 @@ $attribs = $this->_prepareDijit($attribs, $params, 'textarea');
$html = '<textarea' . $this->_htmlAttribs($attribs) . '>'
- . $value + . $this->view->escape($value) . "\n";