You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Radu Cotescu (Jira)" <ji...@apache.org> on 2020/08/26 15:15:00 UTC
[jira] [Resolved] (SLING-9694) XSSAPIImpl#getValidHref does not
escape the ampersand character
[ https://issues.apache.org/jira/browse/SLING-9694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu resolved SLING-9694.
---------------------------------
Fix Version/s: (was: XSS Protection API 2.2.8)
Resolution: Won't Fix
> XSSAPIImpl#getValidHref does not escape the ampersand character
> ---------------------------------------------------------------
>
> Key: SLING-9694
> URL: https://issues.apache.org/jira/browse/SLING-9694
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
> Affects Versions: XSS Protection API 1.0.0, XSS Protection API 2.0.0, XSS Protection API 2.1.0, XSS Protection API 2.2.0, XSS Protection API Compat 1.1.0
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
>
> {{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although the API's JavaDoc states that the method should "Sanitize a URL for writing as an HTML href or src attribute value".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)