#718: Generating the current route without additional arguments results in
unescaped single quotes and square brackets
----------------------+-----------------------------------------------------
Reporter: david | Owner: david
Type: defect | Status: new
Priority: highest | Milestone: 0.11.1
Component: routing | Version: 0.11.0
Severity: critical | Keywords:
Has_patch: 0 |
----------------------+-----------------------------------------------------
{{{[}}} and {{{]}}} must be escaped in query strings. Also, the unescaped
{{{'}}} opens the door to XSS/CSRF attacks on sites that use single quotes
in their markup.
--
Ticket URL: <http://trac.agavi.org/ticket/718>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5
_______________________________________________
Agavi Tickets Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/tickets
