![]() |
|
|
|
|
Change By:
|
Roman Kovařík
(28/Feb/13 8:15 AM)
|
|
Summary:
|
Most of
Escape
values
in FTL templates should be
for rendering, don't escape already
escaped
- 2.0.x
values
|
|
Description:
|
# Open some web page
Due to changes by MGNLSTK
-
> Page Info
1101 and MAGNOLIA-4866 are most of values in FTL templates already escaped.
* remove escaping from templates
Cover the cases where are values still not escaped:
#
Enter for
Nodes taken by
*
Headline/Navigation Title/Site Title
Identifier
*
some XSS
in model classes
. #
Save -> XSS exploit
Contents taken by *querries*.
#
A lot of other templates with the same problem
Assests
.
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <
[email protected]>
----------------------------------------------------------------