[jira] [Commented] (SLING-4525) XSS protection path mangling issue

2015-05-13 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-4525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14541897#comment-14541897
 ] 

ASF GitHub Bot commented on SLING-4525:
---

GitHub user asfgit closed the pull request at:

https://github.com/apache/sling/pull/80


 XSS protection path mangling issue
 --

 Key: SLING-4525
 URL: https://issues.apache.org/jira/browse/SLING-4525
 Project: Sling
  Issue Type: Bug
  Components: Extensions
Affects Versions: XSS Protection API 1.0.0
Reporter: Georg Koester
Assignee: Radu Cotescu
Priority: Minor
 Fix For: XSS Protection API 1.0.4

 Attachments: 
 0001-Add-testcases-for-getValidHref-showing-problem-in-co.patch


 Last part in path gets prepended with an underscore if there is a colon in the query string. Test appended, to be applied on https://github.com/apache/sling/tree/196dea678c6010
 Test output:
 Failed tests:
   XSSAPIImplTest.testGetValidHref:267 Requested '/content/items/searchpages.html?0_tag:id=geo' expected:/content/items/[searchpages.html?0_tag%3a]id=geo but was:/content/items/[_searchpages.html?0_tag_]id=geo



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SLING-4525) XSS protection path mangling issue

2015-03-30 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-4525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14386429#comment-14386429
 ] 

ASF GitHub Bot commented on SLING-4525:
---

GitHub user vladbailescu opened a pull request:

https://github.com/apache/sling/pull/80

SLING-4525 - XSS protection path mangling issue

- Added proper encoding for colons in query string
- Added testcases based on Georg Koester's patch

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/vladbailescu/sling SLING-4525_xss_protection_colon

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/sling/pull/80.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #80


commit 75a326cae99a54de76652e97076bdeba465e65df
Author: vladbailescu baile...@adobe.com
Date:   2015-03-30T09:13:51Z

SLING-4525 - XSS protection path mangling issue

- Added proper encoding for colons in query string
- Added testcases based on Georg Koester's patch






[jira] [Commented] (SLING-4525) XSS protection path mangling issue

2015-03-30 Thread Vlad Bailescu (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-4525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14386431#comment-14386431
 ] 

Vlad Bailescu commented on SLING-4525:
--

[~radu.cotescu] Can you please check the fix in the PR? Thank you!
