[ http://mc4j.org/jira/browse/STS-256?page=all ]
Tim Fennell updated STS-256:
----------------------------
Fix Version/s: Release 1.4.1
I'm not sure if all parameters should be encoded, just String parameters, or
just the user input parameter. But at least the latter should be done.
> Parameters to validation errors should be HTML Encoded before display on the page
> ---------------------------------------------------------------------------------
>
> Key: STS-256
> URL: http://mc4j.org/jira/browse/STS-256
> Project: Stripes
> Issue Type: Bug
> Components: Validation, Tag Library
> Affects Versions: Release 1.4
> Reporter: Andy
> Assigned To: Tim Fennell
> Fix For: Release 1.4.1
>
>
> If a user enters an invalid value in a field that contains HTML characters
> and the error message includes the value as a parameter (e.g. {0} is not a
> valid {1}), then the HTML makes it into the page un-escaped.
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
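
The bug reported in STS-256, shown as an added example that is not Stripes code and not part of the original message: a `{0} is not a valid {1}` template formatted with the raw field value, next to a version that HTML-encodes parameters before substitution. The class name, method names and sample input are hypothetical; passing `Number` and `Date` parameters through unencoded is an assumption made here so that `MessageFormat` number and date patterns keep working.

```java
import java.text.MessageFormat;
import java.util.Date;

public class EncodedErrorParams {

    // Minimal HTML encoder for element content and quoted attribute values.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: parameters reach the page exactly as the user typed them.
    static String formatRaw(String template, Object... params) {
        return MessageFormat.format(template, params);
    }

    // After: every parameter is encoded except Number and Date, which cannot
    // carry markup and are left for MessageFormat to render. Any other object
    // is converted with String.valueOf() first, since its toString() may
    // contain user-controlled text.
    static String formatEncoded(String template, Object... params) {
        Object[] safe = new Object[params.length];
        for (int i = 0; i < params.length; i++) {
            Object p = params[i];
            safe[i] = (p instanceof Number || p instanceof Date)
                    ? p : htmlEncode(String.valueOf(p));
        }
        return MessageFormat.format(template, safe);
    }

    public static void main(String[] args) {
        String template = "{0} is not a valid {1}";  // template quoted in the issue
        String userInput = "<b>12x</b>";              // constructed sample field value
        System.out.println(formatRaw(template, userInput, "number"));
        System.out.println(formatEncoded(template, userInput, "number"));
    }
}
```

Only the parameters are encoded, not the finished message, so any markup that the application itself places in the error template is left intact.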