Posted to dev@sling.apache.org by "Nicolas Peltier (Jira)" <ji...@apache.org> on 2020/09/26 17:03:00 UTC
[jira] [Created] (SLING-9770) XSS API encodeForCSSString should sometimes leave the '>' character alone
Nicolas Peltier created SLING-9770:
--------------------------------------
Summary: XSS API encodeForCSSString should sometimes leave the '>' character alone
Key: SLING-9770
URL: https://issues.apache.org/jira/browse/SLING-9770
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Affects Versions: XSS Protection API 2.2.6
Reporter: Nicolas Peltier
While xssApi.encodeForCSSString should righteously encode "JavaScrIpt some text>" into "JavaScrIpt some text\\3e", it should leave ".foo > .bar { some rule }" alone, as changing the '>' character here will break the CSS.
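Added example, not part of the original report and not Sling's code: a simplified JavaScript model of a CSS-string encoder and of CSS escape handling. It shows why `\3e` is harmless inside a quoted CSS string, where the parser decodes it back to `>`, but removes the child combinator when selector text is passed through the same encoder. The escaped character set and all function names are assumptions made for this illustration.

```javascript
// Added illustration: simplified stand-ins, not the Sling XSS API implementation.
// Assumed set of characters the encoder hex-escapes (chosen for this example).
const ESCAPED = new Set(['"', "'", "\\", "<", ">", "&", "/", "(", ")"]);

// Hex-escape risky characters so the text is safe inside a quoted CSS string.
function encodeForCssString(input) {
  const chars = Array.from(input);
  let out = "";
  chars.forEach((ch, i) => {
    if (!ESCAPED.has(ch) && ch.codePointAt(0) >= 0x20) {
      out += ch;
      return;
    }
    out += "\\" + ch.codePointAt(0).toString(16);
    // A CSS hex escape absorbs one following whitespace and would be extended
    // by a following hex digit, so terminate it with a space in those cases.
    const next = chars[i + 1];
    if (next !== undefined && /[0-9a-fA-F\s]/.test(next)) out += " ";
  });
  return out;
}

// CSS escape: backslash + 1-6 hex digits + optional whitespace, or backslash + char.
const CSS_ESCAPE = /\\([0-9a-fA-F]{1,6})\s?|\\([^\n])/g;

// What a CSS parser recovers as the value of a quoted string.
function decodeCssEscapes(text) {
  return text.replace(CSS_ESCAPE, (m, hex, ch) =>
    hex ? String.fromCodePoint(parseInt(hex, 16)) : ch);
}

// In selector position only an unescaped '>' is a child combinator; an escaped
// one is just an identifier character. (Ignores quoted strings in selectors.)
function hasChildCombinator(selector) {
  return selector.replace(CSS_ESCAPE, "_").includes(">");
}

const value = "JavaScrIpt some text>";   // string from the report
const selector = ".foo > .bar";          // selector from the report
console.log(encodeForCssString(value));                             // escaped form
console.log(decodeCssEscapes(encodeForCssString(value)) === value); // string survives
console.log(hasChildCombinator(selector));                          // combinator present
console.log(hasChildCombinator(encodeForCssString(selector)));      // combinator lost
```

The encoder is doing its job in both cases; the difference is the output context, so selector or whole-rule text needs validation suited to that context rather than string encoding.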