You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Radu Cotescu (JIRA)" <ji...@apache.org> on 2018/08/08 09:30:00 UTC

[jira] [Created] (SLING-7814) URLs with JCR namespaces can get double encoded by XSSAPI.getValidHref

Radu Cotescu created SLING-7814:
-----------------------------------

             Summary: URLs with JCR namespaces can get double encoded by XSSAPI.getValidHref
                 Key: SLING-7814
                 URL: https://issues.apache.org/jira/browse/SLING-7814
             Project: Sling
          Issue Type: Bug
          Components: Extensions
    Affects Versions: XSS Protection API 2.0.8
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: XSS Protection API 2.0.14


The following URLs, when passed to {{org.apache.sling.xss.XSSAPI#getValidHref}}, get double encoded:
 # {{/content/page with spaces/jcr:content}}
 # {{/content/page%20with%20spaces/jcr:content}}

The bug seems to be in the {{org.apache.sling.xss.impl.XSSAPIImpl#mangleNamespaces}} method.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)