Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2019/03/12 20:42:16 UTC

[GitHub] [knox] rlevas edited a comment on issue #70: KNOX-1817 - Fix XSS issues with Alias API

URL: https://github.com/apache/knox/pull/70#issuecomment-472172680
 
 
   Since the content type is JSON, I think it would be an issue if the returned JSON document contained characters encoded for HTML.  This may be confusing to a client using the JSON document since HTML-encoded characters may be re-encoded if being displayed in an HTML document. 
   
   `<script>...</script>` means something in an HTML document, but has no meaning (other than the literal string) in a JSON document.   Therefore I would expect a consumer of a JSON document to properly encode the data for the target viewer.  If the target was an HTML document, I would expect that the JSON to HTML translation code would perform the encoding of the string as needed. 
   

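The encoding question raised in the comment above, as an added example that is not part of the original message or of Knox's code: one server returns the literal alias in JSON, another HTML-encodes it first, and a consumer encodes at the point where JSON becomes HTML. The function names, the `sandbox` topology and the response shape are assumptions made for illustration.

```javascript
// Added illustration; not Knox code. All names and sample data are constructed.

// HTML encoder applied by the consumer when the value enters an HTML context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// The string from the comment: markup in HTML, only a literal string in JSON.
const ALIAS = '<script>...</script>';

// Server A: returns the literal value; JSON.stringify does the JSON escaping.
function jsonBodyRaw(alias) {
  return JSON.stringify({ topology: 'sandbox', aliases: [alias] });
}

// Server B: HTML-encodes before serializing, the behaviour the comment questions.
function jsonBodyPreEncoded(alias) {
  return JSON.stringify({ topology: 'sandbox', aliases: [escapeHtml(alias)] });
}

// HTML consumer: the JSON-to-HTML translation step encodes for the target viewer.
function renderAliasList(jsonBody) {
  const doc = JSON.parse(jsonBody);
  const items = doc.aliases.map((a) => `<li>${escapeHtml(a)}</li>`).join('');
  return `<ul>${items}</ul>`;
}

// Non-HTML consumer (CLI, another service): uses the value exactly as received.
function firstAlias(jsonBody) {
  return JSON.parse(jsonBody).aliases[0];
}

// Raw JSON renders safely once encoded at the HTML boundary.
console.log(renderAliasList(jsonBodyRaw(ALIAS)));
// Pre-encoded JSON is encoded a second time and displays entity text to the user.
console.log(renderAliasList(jsonBodyPreEncoded(ALIAS)));
// A non-HTML client of server B no longer sees the stored alias name.
console.log(firstAlias(jsonBodyPreEncoded(ALIAS)) === ALIAS);
```
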