[ https://issues.apache.org/jira/browse/SLING-2085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13811438#comment-13811438 ]

Andrei Dulvac commented on SLING-2085:
--------------------------------------

[~bdelacretaz], What I meant is that using RequestUtil in RequestHistoryConsolePlugin might not be safe right now, as using quotes can be part of an XSS attack.

> RequestHistoryConsolePlugin should escape HTML text
> ---------------------------------------------------
>
>                 Key: SLING-2085
>                 URL: https://issues.apache.org/jira/browse/SLING-2085
>             Project: Sling
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: Engine 2.2.2
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>            Priority: Minor
>             Fix For: Engine 2.2.4
>
>
> The RequestHistoryConsolePlugin should escape the HTML text that it outputs

--
This message was sent by Atlassian JIRA (v6.1#6144)
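
Added example, not part of the original message and not Sling code: a sketch of why quote handling matters when escaped text ends up inside a quoted HTML attribute. Both escapers, the class name and the sample path are hypothetical and constructed for illustration; nothing here reproduces the behaviour of Sling's RequestUtil.

```java
// Added illustration; not Sling code. Both escapers are hypothetical.
public class EscapeQuotesDemo {

    // Hypothetical escaper that handles only markup characters and leaves quotes alone.
    static String escapeMarkupOnly(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Escaper that also encodes both quote characters, so the result is safe
    // inside a quoted attribute value as well as in element text.
    static String escapeForHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // True if the escaped value can no longer terminate a quoted attribute.
    static boolean staysInsideAttribute(String escaped) {
        return escaped.indexOf('"') < 0 && escaped.indexOf('\'') < 0;
    }

    public static void main(String[] args) {
        // Constructed sample: a request path containing a double quote.
        String path = "/content/a\" title=\"b";
        for (String out : new String[] { escapeMarkupOnly(path), escapeForHtml(path) }) {
            System.out.println("<a href=\"" + out + "\">entry</a>  contained=" + staysInsideAttribute(out));
        }
    }
}
```

With the markup-only escaper the constructed path closes the href attribute early and adds an attribute of its own; with quotes encoded it stays a single attribute value.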