[ https://issues.apache.org/jira/browse/SLING-2085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13811438#comment-13811438 ]

Andrei Dulvac commented on SLING-2085:
--------------------------------------

[~bdelacretaz], what I meant is that using RequestUtil in 
RequestHistoryConsolePlugin might not be safe right now, as using quotes can be 
part of an XSS attack.

> RequestHistoryConsolePlugin should escape HTML text
> ---------------------------------------------------
>
>                 Key: SLING-2085
>                 URL: https://issues.apache.org/jira/browse/SLING-2085
>             Project: Sling
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: Engine 2.2.2
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>            Priority: Minor
>             Fix For: Engine 2.2.4
>
>
> The RequestHistoryConsolePlugin should escape the HTML text that it outputs



--
This message was sent by Atlassian JIRA
(v6.1#6144)
