  1. Magnolia Standard Templating Kit (closed)
  2. MGNLSTK-1103

Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master


Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 2.5

    Description

      MAGNOLIA-4011 introduced unwrapping of nodes before rendering because of a problem with multiple escaping.
      Unfortunately, this change causes an XSS vulnerability in most FTL templates.

      1. Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
      2. Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.
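
The two steps above, modeled as an added example that is not Magnolia's own code: `ContentNode`, `RawNode`, `EscapingNode`, `wrapOnce` and `render` are hypothetical stand-ins for a JCR node, `HTMLEscapingNodeWrapper` and an FTL template that prints a property as-is. It shows the unwrapped node leaking markup, the double-wrapped node double-escaping, and the wrap-if-needed rule escaping exactly once.

```java
import java.util.Map;

public class EscapeOnceDemo {
    // Hypothetical stand-in for a JCR node: string property access only.
    interface ContentNode { String get(String name); }

    // Raw repository content: values come back exactly as stored.
    record RawNode(Map<String, String> props) implements ContentNode {
        public String get(String name) { return props.get(name); }
    }

    // Hypothetical stand-in for HTMLEscapingNodeWrapper: escapes on every read.
    record EscapingNode(ContentNode wrapped) implements ContentNode {
        public String get(String name) {
            String v = wrapped.get(name);
            if (v == null) return null;
            // '&' must be replaced first so later entities are not re-escaped here.
            return v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#39;");
        }
    }

    // Step 2 of the issue: add the escaping layer only if it is not there yet.
    // Step 1 is the absence of any unwrap call before render().
    static ContentNode wrapOnce(ContentNode n) {
        return n instanceof EscapingNode ? n : new EscapingNode(n);
    }

    // Stand-in for a template that prints the property without escaping it.
    static String render(ContentNode n) {
        return "<h1>" + n.get("title") + "</h1>";
    }

    public static void main(String[] args) {
        // Constructed sample content with markup in an editor-supplied field.
        ContentNode raw = new RawNode(Map.of("title", "<script>alert(1)</script>"));

        // Unwrapped before rendering: markup reaches the page verbatim.
        System.out.println("unwrapped:      " + render(raw));
        // Wrapped unconditionally twice: the multiple-escaping problem.
        System.out.println("double-wrapped: "
                + render(new EscapingNode(new EscapingNode(raw))));
        // Wrapped only when needed: escaped once, however often it is called.
        System.out.println("wrapOnce x2:    " + render(wrapOnce(wrapOnce(raw))));
    }
}
```

With several wrapper types stacked on one node, the "already wrapped" check has to look through the whole wrapper chain rather than only at the outermost layer, which this single-wrapper model does not need to do.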


              People

                rkovarik Roman Kovařík