Nicolas Peltier created SLING-9770:
--------------------------------------

             Summary: XSS API encodeForCSSString should sometimes leave the '>' character alone
                 Key: SLING-9770
                 URL: https://issues.apache.org/jira/browse/SLING-9770
             Project: Sling
          Issue Type: Bug
          Components: XSS Protection API
    Affects Versions: XSS Protection API 2.2.6
            Reporter: Nicolas Peltier


While xssApi.encodeForCSSString should righteously encode "JavaScrIpt some text>" into "JavaScrIpt some text\\3e", it should leave ".foo > .bar { some rule }" alone, as changing here the '>' character will break the CSS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
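
The context problem described in the report, as an added example that is not part of the original message and is not Sling's code: a string-context escaper is correct for an untrusted value inside a quoted CSS string but removes the child combinator when a selector is passed through it. The escaper below is a simplified stand-in, all function names are hypothetical, and it assumes the `\\3e` in the report denotes the CSS hex escape `\3e`.

```javascript
// Simplified CSS string-context escaper (assumption for illustration, not Sling's code):
// ASCII letters, digits and spaces pass through; everything else becomes a hex escape.
function escapeCssString(s) {
  const chars = Array.from(s);
  let out = "";
  chars.forEach((ch, i) => {
    if (/^[A-Za-z0-9 ]$/.test(ch)) { out += ch; return; }
    out += "\\" + ch.codePointAt(0).toString(16);
    // Terminate the escape with a space when the next character is a hex
    // digit or whitespace, so the parser does not absorb it into the escape.
    const next = chars[i + 1];
    if (next !== undefined && /^[0-9A-Fa-f \t\n]$/.test(next)) out += " ";
  });
  return out;
}

// Decode CSS escapes the way a parser does when it reads a string or identifier.
function unescapeCss(s) {
  return s.replace(/\\([0-9A-Fa-f]{1,6})[ \t\n]?|\\([^])/g, (m, hex, lit) =>
    hex ? String.fromCodePoint(parseInt(hex, 16)) : lit);
}

// True when the selector holds a bare '>' (child combinator). An escaped '>'
// is part of an identifier, so it no longer combines anything.
function hasChildCombinator(selector) {
  for (let i = 0; i < selector.length; i++) {
    if (selector[i] === "\\") { i++; continue; }
    if (selector[i] === ">") return true;
  }
  return false;
}

// Context-aware use: the author-controlled selector is emitted as written and
// only the untrusted value placed inside the quoted string is escaped.
function buildRule(selector, untrustedText) {
  return `${selector} { content: "${escapeCssString(untrustedText)}"; }`;
}

const untrusted = "JavaScrIpt some text>";   // constructed sample, text taken from the report
const selector = ".foo > .bar";              // constructed sample, text taken from the report
console.log(escapeCssString(untrusted));     // string context: decodes back to the same text
console.log(escapeCssString(selector));      // selector context: the combinator is gone
console.log(buildRule(selector, untrusted));
```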
