Issue Type: Improvement
Assignee: Unassigned
Components: forms
Created: 11/Aug/14 2:09 PM
Description:

A customer who looked deep into the Form module validation and field value submission raised this topic (SUPPORT-3873):

1. As all inputs in the form module are HTML-escaped to prevent XSS attacks,
a similar approach should also be considered within the AdminCentral forms. In AdminCentral, all form fields are open to XSS attacks.
It would be favorable if the solution used were aligned/comparable to the (new) implementation used in the form module.

2. Which leads to the second point:
He suggests rethinking the XSS HTML-escaping implementation currently used in the form module. It might not be the best way to prevent such attacks.

As this topic involves two modules, I created it here in the UI section (point 1 seems more important).

Project: Magnolia UI
Labels: support
Priority: Neutral
Reporter: Christian Ringele