[jira] [Resolved] (SLING-7741) org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments

Radu Cotescu (JIRA) Fri, 29 Jun 2018 08:49:32 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radu Cotescu resolved SLING-7741.
---------------------------------
    Resolution: Fixed

Fixed in [commit 
bfee439|https://github.com/apache/sling-org-apache-sling-xss/commit/bfee439].

> org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle 
> the ":" character in URL fragments
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-7741
>                 URL: https://issues.apache.org/jira/browse/SLING-7741
>             Project: Sling
>          Issue Type: Bug
>          Components: XSS Protection API
>    Affects Versions: XSS Protection API 1.0.0, XSS Protection API 2.0.0, XSS 
> Protection API Compat 1.1.0
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.0.8
>
>         Attachments: SLING-7741.correct_uri_parsing.patch
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> {{org.apache.sling.xss.impl.XSSAPIImpl#getValidHref}} doesn't correctly 
> handle the ":" character in URL fragments:
> {code}
> https://sling.apache.org/#fragment:test -> 
> https://sling.apache.org/_#fragment_test
> {code}
> Namespace mangling should only occur for the path section of the URL.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (SLING-7741) org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments

Reply via email to