[ https://issues.apache.org/jira/browse/SLING-6787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15982542#comment-15982542 ]

Carsten Ziegeler commented on SLING-6787:
-----------------------------------------
[~acollign] Thanks for the patch. I see that you replaced the usage of
StringEscapeUtils.escapeHtml with using the XSS API service.
Is this really required, or can't we simply use StringEscapeUtils.escapeHtml in
all the places?
I'm asking as this introduces a new dependency to the XSS service.

> HTMLRendererServlet should properly encode output
> -------------------------------------------------
>
> Key: SLING-6787
> URL: https://issues.apache.org/jira/browse/SLING-6787
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Affects Versions: Servlets Get 2.1.18
> Reporter: Alex COLLIGNON
> Attachments:
> 0001-SLING-6787-HTMLRendererServlet-shoud-properly-encode.patch
>
>
> Some of the values rendered by HTMLRendererServlet can be (better) encoded.