[jira] [Resolved] (SLING-9019) The XSSFilter will mark URLs containing both escaped characters and HTML entities as invalid

Radu Cotescu (Jira) Wed, 22 Jan 2020 07:19:53 -0800


     [ 
https://issues.apache.org/jira/browse/SLING-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Radu Cotescu resolved SLING-9019.
---------------------------------
    Resolution: Fixed

Fixed in [commit 
f8f046b|https://github.com/apache/sling-org-apache-sling-xss/commit/f8f046b].

> The XSSFilter will mark URLs containing both escaped characters and HTML 
> entities as invalid
> --------------------------------------------------------------------------------------------
>
>                 Key: SLING-9019
>                 URL: https://issues.apache.org/jira/browse/SLING-9019
>             Project: Sling
>          Issue Type: Bug
>          Components: XSS Protection API
>    Affects Versions: XSS Protection API 2.0.4
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>            Priority: Major
>             Fix For: XSS Protection API 2.2.0
>
>
> A URL similar to {{http://localhost/?q=a+b&amp;r=1}} will be marked as 
> invalid by the {{XSSFilterImpl}} implementation. However, the URL provided is 
> valid and should not be filtered.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (SLING-9019) The XSSFilter will mark URLs containing both escaped characters and HTML entities as invalid

Reply via email to