You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Deepak Dixit (JIRA)" <ji...@apache.org> on 2019/06/04 11:01:00 UTC
[jira] [Commented] (OFBIZ-11090) Html escaping missing for
renderLink parameters
[ https://issues.apache.org/jira/browse/OFBIZ-11090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16855580#comment-16855580 ]
Deepak Dixit commented on OFBIZ-11090:
--------------------------------------
This has been done at
ofbiz framework trunk at r#1860597
ofbiz framework R18.12 at r#1860598
ofbiz framework R17.12 at r#1860599
ofbiz framework R16.11 at r#1860600
> Html escaping missing for renderLink parameters
> -----------------------------------------------
>
> Key: OFBIZ-11090
> URL: https://issues.apache.org/jira/browse/OFBIZ-11090
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: 17.12.01, 16.11.05, Upcoming Branch, 18.12.01
> Reporter: Deepak Dixit
> Assignee: Deepak Dixit
> Priority: Major
> Attachments: OFBIZ-11090.patch
>
>
> Html escaping missing for renderLink parameters. Parameters should be escaped to avoid Cross Site Scripting.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)