You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Henry Kuijpers (Jira)" <ji...@apache.org> on 2020/01/17 16:21:00 UTC
[jira] [Created] (SLING-9011) HTL: "automatic" context=uri on
href/src seems to be wrong - Should be uri *and* html
Henry Kuijpers created SLING-9011:
-------------------------------------
Summary: HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri *and* html
Key: SLING-9011
URL: https://issues.apache.org/jira/browse/SLING-9011
Project: Sling
Issue Type: New Feature
Components: Scripting
Affects Versions: Scripting HTL Engine 1.3.2-1.4.0
Reporter: Henry Kuijpers
url=[http://test.com/?a=true&b=false&c=%3F|http://test.com/?a=true&b=false]
<a href="${url}">Test</a>
I expect the href to be (when viewing page source):
[http://test.com/?a=true&b=false&c=%3F]
It however is:
[http://test.com/?a=true&b=false&c=%3F]
HTML requires attributes to also be encoded, so I believe we're not doing enough to do the proper encoding/escaping here.
WDYT?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)