[ https://issues.apache.org/jira/browse/SLING-8845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu closed SLING-8845. ------------------------------- > URL query parameter values are double-escaped for cases where namespace > mangling has to be performed > ---------------------------------------------------------------------------------------------------- > > Key: SLING-8845 > URL: https://issues.apache.org/jira/browse/SLING-8845 > Project: Sling > Issue Type: Bug > Components: XSS Protection API > Affects Versions: XSS Protection API 2.0.8 > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Priority: Major > Fix For: XSS Protection API 2.1.16 > > > URL query parameter values are double-escaped for cases where namespace > mangling has to be performed: > {code:java} > xssAPI.getValidHref("/path/to/page?key=%25text"); // -> > /path/to/page?key=%25text (which is correct) > xssAPI.getValidHref("/path/to/page/jcr:content/par?key=%25text"); // -> > /path/to/page/_jcr_content/par?key=%2525text (which is wrong) > {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)