[ https://issues.apache.org/jira/browse/ISIS-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andi Huber updated ISIS-3077: ----------------------------- Affects Version/s: (was: 2.0.0-M7) > [Vulnerability] All HTML Inputs need to be Escaped in Order to Avoid XSS > Vulnarabilities > ---------------------------------------------------------------------------------------- > > Key: ISIS-3077 > URL: https://issues.apache.org/jira/browse/ISIS-3077 > Project: Isis > Issue Type: Bug > Components: Isis Viewer Wicket > Reporter: Jörg Rade > Assignee: Andi Huber > Priority: Critical > Fix For: 2.0.0-M8 > > > Problem is with our use of Wicket's > org.apache.wicket.markup.html.form.TextField<T>: input gets > interpreted/executed by the browser. > see > https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV -- This message was sent by Atlassian Jira (v8.20.7#820007)