-
Improvement
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
-
Empty show more show less
MAGNOLIA-4011 introduces unwrapping nodes before rendering because of problem with multiple escaping.
Unfortunately This change causes XSS vulnerability of most FTL templates.
- Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
- Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.
Acceptance criteria
- is cloned by
-
MGNLSTK-1103 Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master
- Closed
- is depended upon by
-
MGNLSTK-1095 Escape values for rendering, don't escape already escaped values - 4.5
- Closed