ISIS-883 and ISIS-884 now fixed in 1.7.0-SNAPSHOT; please see comments for
ISIS-883 [1] and commit message for ISIS-884 [2]
[1]
https://issues.apache.org/jira/browse/ISIS-883?focusedCommentId=14131180&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14131180
[2]
Thanks for raising this, will also attend to.
Do you want to raise tickets for this and the other issue you've raised?
On 9 September 2014 00:34, Christopher Fairhall
christopher.fairhall...@msd.govt.nz wrote:
Another issue our security review picked up was the default error page,
org.apache.isis.viewer.wicket.ui.pages.error.ErrorPage is vulnerable to XSS via
org.apache.isis.viewer.wicket.ui.errors.ExceptionStackTracePanel
In the constructor of ExceptionStackTracePanel, it adds a Label with the