[ https://issues.apache.org/jira/browse/SLING-6787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15982572#comment-15982572 ]

Carsten Ziegeler commented on SLING-6787:
-----------------------------------------

[~acollign] Thanks, I understand the difference but is there anything in this 
context which StringEscapeUtils.escapeHtml doesn't catch?
Now, the dependency is one thing, but we use that method (or a similar mechanism) 
in other places, so if that is not safe to use, we probably should replace it 
everywhere.

> HTMLRendererServlet should properly encode output
> -------------------------------------------------
>
>                 Key: SLING-6787
>                 URL: https://issues.apache.org/jira/browse/SLING-6787
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Get 2.1.18
>            Reporter: Alex COLLIGNON
>             Fix For: Servlets Get 2.1.24
>
>         Attachments: 
> 0001-SLING-6787-HTMLRendererServlet-shoud-properly-encode.patch
>
>
> Some of the values rendered by HTMLRendererServlet can be (better) encoded.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
