You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2016/05/16 18:00:15 UTC

[jira] [Created] (JCRVLT-117) Potential XSS problem in org.apache.jackrabbit.vault.util.HtmlProgressListener

Tobias Bocanegra created JCRVLT-117:
---------------------------------------

             Summary: Potential XSS problem in org.apache.jackrabbit.vault.util.HtmlProgressListener
                 Key: JCRVLT-117
                 URL: https://issues.apache.org/jira/browse/JCRVLT-117
             Project: Jackrabbit FileVault
          Issue Type: Bug
            Reporter: Tobias Bocanegra


the {{org.apache.jackrabbit.vault.util.HtmlProgressListener}} should escape the arguments before it streams them to the stream. the users of the progress listener should not care about the intended output medium.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)