[jira] [Resolved] (SLING-9694) XSSAPIImpl#getValidHref does not escape the ampersand character

Radu Cotescu (Jira) Wed, 26 Aug 2020 08:15:13 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-9694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radu Cotescu resolved SLING-9694.
---------------------------------
    Fix Version/s:     (was: XSS Protection API 2.2.8)
       Resolution: Won't Fix

> XSSAPIImpl#getValidHref does not escape the ampersand character
> ---------------------------------------------------------------
>
>                 Key: SLING-9694
>                 URL: https://issues.apache.org/jira/browse/SLING-9694
>             Project: Sling
>          Issue Type: Bug
>          Components: XSS Protection API
>    Affects Versions: XSS Protection API 1.0.0, XSS Protection API 2.0.0, XSS 
> Protection API 2.1.0, XSS Protection API 2.2.0, XSS Protection API Compat 
> 1.1.0
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>
> {{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although 
> the API's JavaDoc states that the method should "Sanitize a URL for writing 
> as an HTML href or src attribute value".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (SLING-9694) XSSAPIImpl#getValidHref does not escape the ampersand character

Reply via email to