[ https://issues.apache.org/jira/browse/SLING-3248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240949#comment-14240949 ]

Timothee Maret commented on SLING-3248:
---------------------------------------

[~fmeschbe] The patch contains an obvious XSS hole; however, looking at other 
web console plugins, it seems XSS is not taken care of in those UIs. Is there 
an API in Sling that is advised for handling XSS issues?

> Proposed Improvements to the Tenant Administrative Web Console Plugin
> ---------------------------------------------------------------------
>
>                 Key: SLING-3248
>                 URL: https://issues.apache.org/jira/browse/SLING-3248
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: Tenant 1.0.0
>            Reporter: Felix Meschberger
>         Attachments: SLING-3248.patch
>
>
> As suggested in [1]:
> You might want to add some more handling in the Web Console Plugin:
> *   Display an error if adding the tenant failed
> *   Display information after successfully adding or removing a Tenant
> [1] 
> https://issues.apache.org/jira/browse/SLING-2676?focusedCommentId=13506464&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13506464



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
