author | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:17:39 -0700 |
committer | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:17:39 -0700 |
commit | 94c201f265c758fad38eb69c0a5878970119197a (patch) | |
tree | 0eb14e0ab61e86b04d9b554b4575bc06b692e33a /modules | |
parent | ff1979e12e0b012374e2ab3712b19f87e1a92e64 (diff) |
XSS escape in form helper and forge where missing.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/forge/libraries/Form_Checkbox.php | 2 | ||||
-rw-r--r-- | modules/forge/libraries/Form_Checklist.php | 2 | ||||
-rw-r--r-- | modules/forge/libraries/Form_Group.php | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/modules/forge/libraries/Form_Checkbox.php b/modules/forge/libraries/Form_Checkbox.php
index b94fc438..aded4fdf 100644
--- a/modules/forge/libraries/Form_Checkbox.php
+++ b/modules/forge/libraries/Form_Checkbox.php
@@ -68,7 +68,7 @@ class Form_Checkbox_Core extends Form_Input {
 $label = ' '.ltrim($label);
 }
- return '<label>'.form::input($data).$label.'</label>';
+ return '<label>'.form::input($data).html::clean($label).'</label>';
 }
 protected function load_value()
diff --git a/modules/forge/libraries/Form_Checklist.php b/modules/forge/libraries/Form_Checklist.php
index 99b455bd..4536d396 100644
--- a/modules/forge/libraries/Form_Checklist.php
+++ b/modules/forge/libraries/Form_Checklist.php
@@ -67,7 +67,7 @@ class Form_Checklist_Core extends Form_Input {
 $data['value'] = $val;
 $data['checked'] = $checked;
- $checklist .= '<li><label>'.form::checkbox($data).' '.$title.'</label></li>'.$nl;
+ $checklist .= '<li><label>'.form::checkbox($data).' '.html::purify($title).'</label></li>'.$nl;
 }
 $checklist .= '</ul>';
diff --git a/modules/forge/libraries/Form_Group.php b/modules/forge/libraries/Form_Group.php
index 29eff510..e0601321 100644
--- a/modules/forge/libraries/Form_Group.php
+++ b/modules/forge/libraries/Form_Group.php
@@ -57,7 +57,7 @@ class Form_Group_Core extends Forge {
 {
 if ($label = $this->data['label'])
 {
- return $this->data['label'];
+ return html::purify($this->data['label']);
 }
 }
 else |
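Review bot: The three hunks escape caption text with two different helpers — `html::clean($label)` on the new return here, but `html::purify($title)` in Form_Checklist.php and `html::purify($this->data['label'])` in Form_Group.php — and nothing in the change says why a checkbox label is treated differently from a checklist item title or a group label. If, as the names suggest, `clean` escapes every character while `purify` filters the text down to an allowed markup subset, the choice decides whether a caller-supplied label may carry HTML at all, so it should be deliberate and visible rather than vary per file. Either align the three call sites on one helper or add a one-line comment at each naming the intent, e.g. `// label is plain text: escape fully, no markup allowed` above this return and `// title may contain trusted markup: filter rather than escape` above the checklist line. Whether `html::clean` marks its output so that an outer template escape does not double-encode it cannot be seen from this page. The enclosing method continues past the hunk (`load_value()` follows), so the value of `$label` before the `ltrim` is not visible here.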
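Review bot: The new return in Form_Group.php re-reads `$this->data['label']` although the condition two lines above has just copied that same value into `$label`, so the escaped line can simply be `return html::purify($label);`, which also keeps the read and the escape next to each other. The enclosing method begins before the hunk and continues into the `else` branch after it, so the hunk does not show what the other branch returns; if that path also emits caller-supplied text it needs the same treatment, which this commit does not address. Note too that the assignment-in-condition means an empty-string label is treated as absent and falls to the `else` branch, a behaviour worth a short comment such as `// empty label falls through to the default below`.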