[ https://issues.apache.org/jira/browse/SLING-5445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu resolved SLING-5445. --------------------------------- Resolution: Fixed Fixed in [r1726027|https://svn.apache.org/r1726027]. > XSSAPI#encodeForJSString is too restrictive > ------------------------------------------- > > Key: SLING-5445 > URL: https://issues.apache.org/jira/browse/SLING-5445 > Project: Sling > Issue Type: Bug > Components: Extensions > Affects Versions: XSS Protection API 1.0.6 > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Fix For: XSS Protection API 1.0.8 > > > For the cases when somebody tries to sanitise JSON strings the > {{XSSAPI#encodeForJSString}} current implementation is too restrictive. > Assuming one would want to sanitize {{2016-01-21T15:40:30}}, the output of > the {{XSSAPI#encodeForJSString}} would be > {noformat} > 2016\-01\-21T15:40:30 > {noformat} > which although is a valid String for JavaScript code is not a valid one for > JSON. -- This message was sent by Atlassian JIRA (v6.3.4#6332)