[jira] [Commented] (DELTASPIKE-752) ensure a secure maximum length of the window-id

Gerhard Petracek (JIRA) Mon, 27 Oct 2014 03:27:08 -0700

    [ 
https://issues.apache.org/jira/browse/DELTASPIKE-752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14185037#comment-14185037
 ]


Gerhard Petracek commented on DELTASPIKE-752:
---------------------------------------------

i'm not sure why you are using window.name, but it is something special since 
it's unused in case of most sites (e.g. check an average public site with a 
browser-dev-tool).

> ensure a secure maximum length of the window-id
> -----------------------------------------------
>
>                 Key: DELTASPIKE-752
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-752
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: JSF-Module, JSF22-Module
>    Affects Versions: 1.0.3
>            Reporter: Heiko Kopp
>            Priority: Critical
>             Fix For: 1.0.4
>
>
> if the window-id is too long, we would need to escape it to avoid XSS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DELTASPIKE-752) ensure a secure maximum length of the window-id

Reply via email to