[ https://issues.apache.org/jira/browse/ISIS-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andi Huber updated ISIS-3077:
-----------------------------
Description:
Problem is with our use of Wicket's
org.apache.wicket.markup.html.form.TextField<T>: input gets
interpreted/executed by the browser.
see
https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV
was: https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV
> All HTML Inputs need to be Escaped in Order to Avoid XSS Vulnerabilities
> -------------------------------------------------------------------------
>
> Key: ISIS-3077
> URL: https://issues.apache.org/jira/browse/ISIS-3077
> Project: Isis
> Issue Type: Bug
> Components: Isis Viewer Wicket
> Affects Versions: 2.0.0-M7
> Reporter: Jörg Rade
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M8
>
>
> Problem is with our use of Wicket's
> org.apache.wicket.markup.html.form.TextField<T>: input gets
> interpreted/executed by the browser.
> see
> https://the-asf.slack.com/archives/CFC42LWBV/p1655298008979249?thread_ts=1655296945.755859&cid=CFC42LWBV