[magnolia-dev] [JIRA] (MGNLSTK-1103) Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master

[on behalf of Roman Kovařík]

Roman Kovařík
 created  MGNLSTK-1103


Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master















Issue Type:


Improvement



Assignee:


Roman Kovařík



Created:


27/Feb/13 8:14 AM



Description:


MAGNOLIA-4011 introduces unwrapping nodes before rendering because of problem with multiple escaping. 
Unfortunately This change causes XSS vulnerability of most FTL templates.

	Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
	Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.






Fix Versions:


2.0.9



Project:


Magnolia Standard Templating Kit



Priority:


Major




Reporter:


Roman Kovařík




























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira








Forlistdetails,see:http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively,useourforums:http://forum.magnolia-cms.com/
Tounsubscribe,E-mailto:dev-list-unsubscr...@magnolia-cms.com

[magnolia-dev] [JIRA] (MGNLSTK-1103) Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master

[on behalf of Roman Kovařík]

Roman Kovařík
 updated  MGNLSTK-1103


Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master
















Change By:


Roman Kovařík
(27/Feb/13 8:15 AM)




Fix Version/s:


2.5





Fix Version/s:


2.0.9



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira








Forlistdetails,see:http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively,useourforums:http://forum.magnolia-cms.com/
Tounsubscribe,E-mailto:dev-list-unsubscr...@magnolia-cms.com