Hi Manuri,

On Wed, Jan 17, 2018 at 10:27 AM, Manuri Amaya Perera <[email protected]> wrote:

> Hi Malaka,
>
> Can't we avoid calling the htmlEncode method since the passed content is
> already HTML and hard-coded as well?

We cannot avoid the htmlEncode method here as it is added as a prevention to the XSS attacks. We have identified this as a possible place for XSS and fixed this some time back. Fixes are delivered to the public as well.

Thanks,
Prakhash

> Thanks,
> Manuri
>
> On Wed, Jan 17, 2018 at 10:14 AM, Malaka Gangananda <[email protected]>
> wrote:
>
>> The Select Error Codes section does not work properly when configuring
>> advanced properties of endpoints.
>> When the Select Error Codes section is selected while trying to configure
>> suspend or timeout error codes in Address Endpoints, it just pops up HTML
>> code rather than showing the actual error codes, as shown below.
>>
>> The reason behind this is that the endpoint-utils.js code uses
>> the CARBON.showPopupDialog method, and it passes the HTML code needed
>> to create the popup menu into this method.
>> But the showPopupDialog method uses the htmlEncode method and converts
>> the HTML content into text and puts it within a newly created HTML section.
>> So the popup menu is shown as text, as mentioned above.
>> The CARBON.showPopupDialog method has been used to edit the inline throttle
>> policy as well, and that section also shows this error.
>> So how to proceed with this?
>>
>> Thanks,
>> --
>> Malaka.
>> --
>> Malaka Gangananda - Software Engineer | WSO2
>> Email : [email protected]
>> Mobile : +94713564340
>> Web : http://wso2.com
>
> --
>
> *Manuri Amaya Perera*
>
> *Senior Software Engineer*
>
> *WSO2 Inc.*
>
> *Blog: http://manuriamayaperera.blogspot.com*
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
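The behaviour discussed in this thread, as an added JavaScript illustration that is not part of the original messages and is not WSO2's code: encoding the whole argument makes markup appear as text, while a dialog builder that owns its structure and encodes only caller-supplied values still renders. Only the name `htmlEncode` comes from the thread; the other function names, the error codes and the labels are constructed for this example.

```javascript
// Added illustration. Only the name htmlEncode appears in the thread;
// everything else here is hypothetical and is not the Carbon implementation.

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and attributes.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical builder A: encodes the entire argument, which is what the
// thread says showPopupDialog does. Any markup passed in becomes visible text.
function dialogBodyEncodeAll(content) {
  return '<div class="dialog-body">' + htmlEncode(content) + '</div>';
}

// Hypothetical builder B: the caller passes data, not markup. The structure
// is fixed in this function and every caller-supplied value is encoded as it
// is placed into an attribute or text position.
function errorCodeDialogBody(errorCodes) {
  const items = errorCodes.map((e) =>
    '<li><label><input type="checkbox" value="' + htmlEncode(e.code) + '"> ' +
    htmlEncode(e.code) + ' : ' + htmlEncode(e.label) + '</label></li>');
  return '<div class="dialog-body"><ul>' + items.join('') + '</ul></div>';
}

// Constructed sample data. The second label contains markup so the output
// shows that values stay encoded even though the list itself renders.
const sampleCodes = [
  { code: '1001', label: 'Connection failed' },
  { code: '1002', label: '<script>alert(1)</script>' },
];

// Builder A reproduces the symptom from the thread: tags arrive as &lt;ul&gt;...
console.log(dialogBodyEncodeAll('<ul><li>1001</li></ul>'));
// Builder B renders a real list; the script tag in the label is inert text.
console.log(errorCodeDialogBody(sampleCodes));
```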
