You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2020/01/07 13:09:00 UTC

[jira] [Created] (SLING-8966) Escape all dynamic variables

Konrad Windszus created SLING-8966:
--------------------------------------

             Summary: Escape all dynamic variables
                 Key: SLING-8966
                 URL: https://issues.apache.org/jira/browse/SLING-8966
             Project: Sling
          Issue Type: Improvement
          Components: Installer
    Affects Versions: Installer Console 1.0.2
            Reporter: Konrad Windszus
            Assignee: Konrad Windszus
             Fix For: Installer Console 1.0.4


There should be protection against HTML in dynamic variables as discussed in https://issues.apache.org/jira/browse/SLING-5746?focusedCommentId=17009675&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17009675



--
This message was sent by Atlassian Jira
(v8.3.4#803005)