[
https://issues.apache.org/jira/browse/DELTASPIKE-752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14185018#comment-14185018
]
Heiko Kopp edited comment on DELTASPIKE-752 at 10/27/14 10:00 AM:
------------------------------------------------------------------
Okay sounds fair. Though I'm not aware that WE do something special with the
window ID, though we open a new window for our application with a specific
window.name ... I bet thats the problem here. Can this be? Is the clientwindow
javascript somehow taking the previously defined window.name into account or
simply overwrites it?
was (Author: bardioc):
Okay sounds fair. Though I'm not away that WE do something special with the
window ID, though we open a new window for our application with a specific
window.name ... I bet thats the problem here. Can this be? Is the clientwindow
javascript somehow taking the previously defined window.name into account or
simply overwrites it?
> ensure a secure maximum length of the window-id
> -----------------------------------------------
>
> Key: DELTASPIKE-752
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-752
> Project: DeltaSpike
> Issue Type: Bug
> Components: JSF-Module, JSF22-Module
> Affects Versions: 1.0.3
> Reporter: Heiko Kopp
> Priority: Critical
> Fix For: 1.0.4
>
>
> if the window-id is too long, we would need to escape it to avoid XSS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
