[jira] [Created] (SLING-7741) org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments

Radu Cotescu (JIRA) Fri, 15 Jun 2018 07:17:10 -0700

Radu Cotescu created SLING-7741:
-----------------------------------

             Summary: org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't 
correctly handle the ":" character in URL fragments
                 Key: SLING-7741
                 URL: https://issues.apache.org/jira/browse/SLING-7741
             Project: Sling
          Issue Type: Bug
          Components: XSS Protection API
    Affects Versions: XSS Protection API Compat 1.1.0, XSS Protection API 
2.0.0, XSS Protection API 1.0.0
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: XSS Protection API 2.0.8



{{org.apache.sling.xss.impl.XSSAPIImpl#getValidHref}} doesn't correctly handle 
the ":" character in URL fragments:
{code}
https://sling.apache.org/#fragment:test -> 
https://sling.apache.org/_#fragment_test
{code}

Namespace mangling should only occur for the path section of the URL.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (SLING-7741) org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments

Reply via email to