[
https://issues.apache.org/jira/browse/KNOX-1817?focusedWorklogId=212022&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-212022
]
ASF GitHub Bot logged work on KNOX-1817:
----------------------------------------
Author: ASF GitHub Bot
Created on: 12/Mar/19 20:41
Start Date: 12/Mar/19 20:41
Worklog Time Spent: 10m
Work Description: rlevas commented on issue #70: KNOX-1817 - Fix XSS
issues with Alias API
URL: https://github.com/apache/knox/pull/70#issuecomment-472172680
Since the content type is JSON, I think it would be an issue if the returned
JSON document contained characters encoded for HTML. This may be confusing to
a client using the JSON document since HTML-encoded characters may be
re-encoded if being displayed in an HTML document.
`<script>...</script>` means something in an HTML document, but has no
meaning (other than the literal string) in a JSON document. Therefore I would
expect a consumer of a JSON document to properly encode the data for the target
viewer. If the target was an HTML document, I would expect that the JSON-to-
HTML translation code would perform the encoding of the string as needed.
----------------------------------------------------------------
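The point made in the comment above, as an added example that is not part of the original comment or of the Knox code base: a JSON API that returns the literal string versus one that HTML-encodes before serializing, each consumed by a client that encodes for its HTML target. The alias value, the `escapeHtml` helper and the function names are constructed for illustration.

```javascript
// Added example with constructed data; not Knox code.
// Consumer-side HTML escaper, applied at the point where data enters HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed alias name containing HTML metacharacters.
const aliasName = "<script>x</script>&co";

// Variant 1: the API returns the literal string. JSON.stringify applies
// JSON escaping only, which is all the application/json content type needs.
function rawJsonBody(alias) {
  return JSON.stringify({ alias });
}

// Variant 2: the API HTML-encodes the value before putting it in JSON.
function preEncodedJsonBody(alias) {
  return JSON.stringify({ alias: escapeHtml(alias) });
}

// HTML consumer: parse the JSON, then encode for the HTML context.
function renderAliasCell(jsonBody) {
  const { alias } = JSON.parse(jsonBody);
  return `<td>${escapeHtml(alias)}</td>`;
}

// Non-HTML consumer (for example a CLI or another service): uses the value as data.
function aliasAsData(jsonBody) {
  return JSON.parse(jsonBody).alias;
}

// Variant 1 renders safely and exactly once encoded:
//   <td>&lt;script&gt;x&lt;/script&gt;&amp;co</td>
console.log(renderAliasCell(rawJsonBody(aliasName)));

// Variant 2 is encoded twice, so a browser would display the entity text
// "&lt;script&gt;..." instead of the alias name:
//   <td>&amp;lt;script&amp;gt;x&amp;lt;/script&amp;gt;&amp;amp;co</td>
console.log(renderAliasCell(preEncodedJsonBody(aliasName)));

// Variant 2 also hands non-HTML consumers a value that no longer matches the alias.
console.log(aliasAsData(preEncodedJsonBody(aliasName)) === aliasName); // false
```

In both variants the HTML consumer still has to encode at render time, because it cannot assume every JSON producer has done so.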
Issue Time Tracking
-------------------
Worklog Id: (was: 212022)
Time Spent: 1h 20m (was: 1h 10m)
> Fix XSS issues with AliasResource
> ---------------------------------
>
> Key: KNOX-1817
> URL: https://issues.apache.org/jira/browse/KNOX-1817
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
> Fix For: 1.3.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>