You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Rene Gielen (Created) (JIRA)" <ji...@apache.org> on 2012/02/18 18:42:00 UTC

[jira] [Created] (WW-3757) Improve output sanitizing best practices in example applications

Improve output sanitizing best practices in example applications
----------------------------------------------------------------

                 Key: WW-3757
                 URL: https://issues.apache.org/jira/browse/WW-3757
             Project: Struts 2
          Issue Type: Improvement
          Components: Example Applications
    Affects Versions: 2.3.1.1
            Reporter: Rene Gielen
            Assignee: Rene Gielen
             Fix For: 2.3.2


Data inputted by users should be outputted in a clean way to demonstrate XSS prevention.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (WW-3757) Improve output sanitizing best practices in example applications

Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/WW-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13211045#comment-13211045 ] 

Hudson commented on WW-3757:
----------------------------

Integrated in Struts2 #415 (See [https://builds.apache.org/job/Struts2/415/])
    WW-3757
Show how to produce sanitized output of user inputted data (Revision 1290827)

     Result = SUCCESS
rgielen : 
Files : 
* /struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
* /struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
* /struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
* /struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl
* /struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl

                
> Improve output sanitizing best practices in example applications
> ----------------------------------------------------------------
>
>                 Key: WW-3757
>                 URL: https://issues.apache.org/jira/browse/WW-3757
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Example Applications
>    Affects Versions: 2.3.1.2
>            Reporter: Rene Gielen
>            Assignee: Rene Gielen
>             Fix For: 2.3.2
>
>
> Data inputted by users should be outputted in a clean way to demonstrate XSS prevention.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (WW-3757) Improve output sanitizing best practices in example applications

Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/WW-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13211345#comment-13211345 ] 

Hudson commented on WW-3757:
----------------------------

Integrated in Struts2 #416 (See [https://builds.apache.org/job/Struts2/416/])
    WW-3757
Show how to produce sanitized output of user inputted data (Revision 1290994)

     Result = SUCCESS
rgielen : 
Files : 
* /struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
* /struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp

                
> Improve output sanitizing best practices in example applications
> ----------------------------------------------------------------
>
>                 Key: WW-3757
>                 URL: https://issues.apache.org/jira/browse/WW-3757
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Example Applications
>    Affects Versions: 2.3.1.2
>            Reporter: Rene Gielen
>            Assignee: Rene Gielen
>             Fix For: 2.3.2
>
>
> Data inputted by users should be outputted in a clean way to demonstrate XSS prevention.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (WW-3757) Improve output sanitizing best practices in example applications

Posted by "Rene Gielen (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WW-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rene Gielen resolved WW-3757.
-----------------------------

    Resolution: Fixed

All outputs are now donw with either <s:property/> or ?html sanitizer in Freemarker
                
> Improve output sanitizing best practices in example applications
> ----------------------------------------------------------------
>
>                 Key: WW-3757
>                 URL: https://issues.apache.org/jira/browse/WW-3757
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Example Applications
>    Affects Versions: 2.3.1.2
>            Reporter: Rene Gielen
>            Assignee: Rene Gielen
>             Fix For: 2.3.2
>
>
> Data inputted by users should be outputted in a clean way to demonstrate XSS prevention.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (WW-3757) Improve output sanitizing best practices in example applications

Posted by "Rene Gielen (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WW-3757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rene Gielen updated WW-3757:
----------------------------

    Affects Version/s:     (was: 2.3.1.1)
                       2.3.1.2
    
> Improve output sanitizing best practices in example applications
> ----------------------------------------------------------------
>
>                 Key: WW-3757
>                 URL: https://issues.apache.org/jira/browse/WW-3757
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Example Applications
>    Affects Versions: 2.3.1.2
>            Reporter: Rene Gielen
>            Assignee: Rene Gielen
>             Fix For: 2.3.2
>
>
> Data inputted by users should be outputted in a clean way to demonstrate XSS prevention.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira