sling-dev mailing list archives

From "Robert Munteanu (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (SLING-3665) Support XSS Encoding
Date Wed, 20 Sep 2017 12:09:02 GMT

     [ https://issues.apache.org/jira/browse/SLING-3665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Munteanu closed SLING-3665.
----------------------------------

> Support XSS Encoding
> --------------------
>
>                 Key: SLING-3665
>                 URL: https://issues.apache.org/jira/browse/SLING-3665
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting JSP-Taglib 2.2.0
>            Reporter: Dan Klco
>            Assignee: Dan Klco
>            Priority: Minor
>              Labels: patch
>             Fix For: Scripting JSP-Taglib 2.2.2
>
>         Attachments: SLING-3665.diff
>
>
> I'd propose we should support proper XSS encoding through the Sling JSP Taglib. Nothing
> too elaborate, just more than is provided by the JSTL Commons Out tag as that's not sufficient
> to provide true XSS protection.
> I'll attach a patch with a new tag which uses the OWASP ESAPI's encoder service to encode
> content in several different ways depending on how it should be used. This API is available
> under the BSD license, so I believe it is compatible.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
