Radu Cotescu created SLING-9694:
-----------------------------------

             Summary: XSSAPIImpl#getValidHref does not escape the ampersand character
                 Key: SLING-9694
                 URL: https://issues.apache.org/jira/browse/SLING-9694
             Project: Sling
          Issue Type: Bug
          Components: XSS Protection API
    Affects Versions: XSS Protection API Compat 1.1.0, XSS Protection API 2.2.0, XSS Protection API 2.1.0, XSS Protection API 2.0.0, XSS Protection API 1.0.0
            Reporter: Radu Cotescu
            Assignee: Radu Cotescu
             Fix For: XSS Protection API 2.2.8


{{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although 
the API's JavaDoc states that the method should "Sanitize a URL for writing as 
an HTML href or src attribute value".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
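
Why an unescaped ampersand matters in an href or src attribute, as an added example that is not part of the original message and is not Sling's code: an HTML parser decodes character references in the attribute value before the URL is used, so a URL written without `&amp;` can reach the browser altered. The class name, both method names, the sample URL and the simplified decoder (semicolon-terminated references only, with a small subset of named ones) are assumptions made for this illustration.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical demo class; not part of the Sling XSS Protection API.
public class HrefAmpersandDemo {
    // Constructed subset of HTML named character references, enough for the demo.
    static final Map<String, String> NAMED = Map.of("amp", "&", "lt", "<", "gt", ">", "quot", "\"");
    // Semicolon-terminated references only: &name; or decimal &#NNN;
    static final Pattern REF = Pattern.compile("&(#[0-9]{1,6}|[A-Za-z][A-Za-z0-9]*);");

    // Encode a URL for writing inside a quoted HTML attribute value.
    static String encodeForAttribute(String url) {
        StringBuilder sb = new StringBuilder(url.length() + 16);
        for (char c : url.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Simplified model of the value an HTML parser passes on after decoding the attribute.
    static String decodeAttribute(String value) {
        Matcher m = REF.matcher(value);
        StringBuilder sb = new StringBuilder();
        while (m.find()) {
            String ref = m.group(1);
            String rep = ref.charAt(0) == '#'
                    ? new String(Character.toChars(Integer.parseInt(ref.substring(1))))
                    : NAMED.getOrDefault(ref, m.group()); // unknown names stay as written
            m.appendReplacement(sb, Matcher.quoteReplacement(rep));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        String url = "/search?q=a&lt;b&page=2"; // constructed sample URL
        String encoded = encodeForAttribute(url);
        System.out.println("unescaped, as parsed : " + decodeAttribute(url));
        System.out.println("escaped attribute    : " + encoded);
        System.out.println("escaped, as parsed   : " + decodeAttribute(encoded));
        System.out.println("round trip intact    : " + url.equals(decodeAttribute(encoded)));
    }
}
```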
