Lorenz Quack created QPID-7141:
----------------------------------
Summary: [Java Broker] Make sure all data in the ApiDocs are correctly encoded
Key: QPID-7141
URL: https://issues.apache.org/jira/browse/QPID-7141
Project: Qpid
Issue Type: Bug
Components: Java Broker
Reporter: Lorenz Quack

The content of the /apidocs HTML page is derived from the broker, which is not
aware of HTML semantics.

We have to make sure the strings coming from the broker are correctly encoded
before putting them in the HTML DOM.

OWASP has some information about correct escaping/encoding for different
scenarios:
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
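
One way to apply the encoding the issue asks for, shown as an added example that is not part of the original message or of Qpid's code: every broker-derived string is entity-encoded before it is concatenated into markup. The metadata shape, the function names and the sample values are assumptions constructed for illustration.

```javascript
// Added example: encode broker-supplied strings before they reach the HTML DOM.
// The attribute metadata shape and all function names are hypothetical.

const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Safe for HTML element content and for quoted attribute values.
// A single regex pass means "&" is never double-encoded.
function encodeHtml(value) {
  const text = value === null || value === undefined ? "" : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build one documentation row. The markup is fixed; every field that
// originates from the broker passes through encodeHtml first.
function renderAttributeRow(attr) {
  return (
    '<tr title="' + encodeHtml(attr.name) + '">' +
    "<td>" + encodeHtml(attr.name) + "</td>" +
    "<td>" + encodeHtml(attr.type) + "</td>" +
    "<td>" + encodeHtml(attr.description) + "</td>" +
    "</tr>"
  );
}

// Constructed sample metadata: ordinary descriptions that happen to contain
// characters with meaning in HTML (generic types, comparisons, quotes).
const sampleAttributes = [
  { name: "maximumTtl", type: "long", description: "TTL in ms; values < 0 are rejected" },
  { name: "bindings", type: "Map<String,Object>", description: 'Set "destination" & optional arguments' },
  { name: 'odd"name', type: "String", description: "Rendered as <b>literal</b> text" },
];

function renderTable(attributes) {
  return "<table>" + attributes.map(renderAttributeRow).join("") + "</table>";
}

console.log(renderTable(sampleAttributes));
```

When the page is built with DOM calls rather than string concatenation, assigning the value to `textContent` gives the same result for element content without manual encoding.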