[richfaces-issues] [JBoss JIRA] Updated: (RF-3916) a4j:htmlCommandLink doesn't encode its value

Nick Belaevski (JIRA) Wed, 16 Jul 2008 04:46:35 -0700

     [ 
https://jira.jboss.org/jira/browse/RF-3916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nick Belaevski updated RF-3916:
-------------------------------

    Fix Version/s: 3.1.x
                   3.2.2
         Assignee: Anton Belevich
         Priority: Critical  (was: Blocker)


> a4j:htmlCommandLink doesn't encode its value
> --------------------------------------------
>
>                 Key: RF-3916
>                 URL: https://jira.jboss.org/jira/browse/RF-3916
>             Project: RichFaces
>          Issue Type: Bug
>    Affects Versions: 3.1.2
>            Reporter: Lars Koedderitzsch
>            Assignee: Anton Belevich
>            Priority: Critical
>             Fix For: 3.1.x, 3.2.2
>
>
> a4j:htmlCommandLink doesn't encode its value - which opens a door for 
> malicious attacks against RichFaces applications, e.g. the injection of 
> scripts.
> The bug is also present in 3.2.1.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
richfaces-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/richfaces-issues

[richfaces-issues] [JBoss JIRA] Updated: (RF-3916) a4j:htmlCommandLink doesn't encode its value

Reply via email to