[ https://issues.apache.org/jira/browse/SLING-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radu Cotescu closed SLING-9019. ------------------------------- > The XSSFilter will mark URLs containing both escaped characters and HTML > entities as invalid > -------------------------------------------------------------------------------------------- > > Key: SLING-9019 > URL: https://issues.apache.org/jira/browse/SLING-9019 > Project: Sling > Issue Type: Bug > Components: XSS Protection API > Affects Versions: XSS Protection API 2.0.4 > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Priority: Major > Fix For: XSS Protection API 2.2.0 > > > A URL similar to {{http://localhost/?q=a+b&r=1}} will be marked as > invalid by the {{XSSFilterImpl}} implementation. However, the URL provided is > valid and should not be filtered. -- This message was sent by Atlassian Jira (v8.3.4#803005)