eu_cookie_compliance 8.x-1.3

Release notes

Fixed a security issue where some output was not sanitized, causing potential XSS. The issue is mitigated by the attacker needing to have the permission “Administer EU Cookie Compliance”, and in addition access to a text format that doesn’t sanitize output. Also several bug fixes.

EU Cookie Compliance – Critical – Cross site scripting – SA-CONTRIB-2019-033

Fix security issue involving XSS. Mitigated by need to have admin access
Issue #3002528 by svenryen: Withdraw consent after agreeing is not working correctly
Issue #3008618 by svenryen: attachBehaviors after loading blacklisted scripts
Issue #2999117 by Dakwamine: In opt-out mode, do not ask again the user if he wants to consent after a withdraw
Issue #2973700 by AdamPS, svenryen: Consent by clicking option to exclude pages
Issue #2985662 by COBadger, svenryen: Missing button
Issue #3013518 by tauno: Use CloudFlare’s CF-IPCountry as a fallback if available
Issue #3012020 by Leo Pitt: Spaces between class attributes and “=”
Issue #2985558 by EduardoMadrid, svenryen: Convert javascript uris like public://path/file.js to relative paths
Issue #2994592 by jcnventura, svenryen, artfulrobot: Deletes cookies every 5s
Issue #3001177 by deepanker_bhalla, denisveg: Coding standard
Issue #2985543 by leymannx: Notice: Undefined variable: primary_button_label
Issue #2986882 by svenryen, smokris: Key to json hash cannot be “class” as it is a reserved word, use of “let” is not supported by all browsers as is ECMAScript

Download Size md5 hash
eu_cookie_compliance-8.x-1.3.tar.gz 36.5 KB 46844b3be605fc5a7caaa1b482ad754b 52.3 KB fbfd1b4f47649901c7411758879f2530
Last updated: 6 Mar 2019 at 12:08 UTC
Official release from tag: 
Core compatibility: 
Release type: 
Short description: 
Security update
Packaged Git sha1: