Radu Cotescu created SLING-9694:
-----------------------------------

Summary: XSSAPIImpl#getValidHref does not escape the ampersand character
Key: SLING-9694
URL: https://issues.apache.org/jira/browse/SLING-9694
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Affects Versions: XSS Protection API Compat 1.1.0, XSS Protection API 2.2.0, XSS Protection API 2.1.0, XSS Protection API 2.0.0, XSS Protection API 1.0.0
Reporter: Radu Cotescu
Assignee: Radu Cotescu
Fix For: XSS Protection API 2.2.8

{{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although the API's JavaDoc states that the method should "Sanitize a URL for writing as an HTML href or src attribute value".

--
This message was sent by Atlassian Jira (v8.3.4#803005)