[
https://jira.nuxeo.com/browse/NXP-6577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anahide Tchertchian updated NXP-6577:
-------------------------------------
SP: 1
Tags: RDIT (was: )
> Prevent cross site scripting when using textarea widgets
> --------------------------------------------------------
>
> Key: NXP-6577
> URL: https://jira.nuxeo.com/browse/NXP-6577
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Affects Versions: 5.4.1
> Reporter: Anahide Tchertchian
> Fix For: 5.4.2
>
>
> Textarea widgets currently change end of line characters into <br /> tags and
> is rendered in view mode without escaping (see NXP-6015: was added to keep
> end of line characters in description).
> This is a secxurity hole for cross side scripting (non escaping in view mode)
> => need to find a better solution to render it and keep line breaks
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
