click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bob Schellink (JIRA)" <>
Subject [jira] Resolved: (CLK-670) Escape link values and parameters
Date Tue, 16 Nov 2010 11:03:14 GMT


Bob Schellink resolved CLK-670.

    Resolution: Fixed

Since Click links are URLEncoded I don't think it needs to be escaped as well. OWASP Java
implementation also uses

> Escape link values and parameters
> ---------------------------------
>                 Key: CLK-670
>                 URL:
>             Project: Click
>          Issue Type: Improvement
>    Affects Versions: 2.2.0
>            Reporter: Bob Schellink
>            Assignee: Bob Schellink
>             Fix For: 2.3.0-M1
> We should look at escaping the values and other parameters of links. Currently they are
rendered as is. I don't think this is a major risk since one doesn't normally set user provided
input as link parameters. Still, its better to err on the side of caution.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message