Roman Kovařík
created MGNLSTK-1103
Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master
Issue Type:
Improvement
Assignee:
Roman Kovařík
Created:
27/Feb/13 8:14 AM
Description:
MAGNOLIA-4011 introduces unwrapping nodes before rendering because of problem with multiple escaping.
Unfortunately This change causes XSS vulnerability of most FTL templates.
Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.
Fix Versions:
2.0.9
Project:
Magnolia Standard Templating Kit
Priority:
Major
Reporter:
Roman Kovařík
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
Forlistdetails,see:http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively,useourforums:http://forum.magnolia-cms.com/
Tounsubscribe,E-mailto:dev-list-unsubscr...@magnolia-cms.com